% podman-push(1)
podman-push - Push an image from local storage to elsewhere
podman push [options] image [destination]
Pushes an image from local storage to a specified destination. Push is mainly used to push images to registries, however podman push can be used to save images to tarballs and directories using the following transports: dir:, docker-archive:, docker-daemon:, oci-archive:, and ostree:.
Image stored in local container/storage
The DESTINATION is a location to store container images The Image "DESTINATION" uses a "transport":"details" format. If a transport is not given, podman push will attempt to push to a registry.
Multiple transports are supported:
dir:path An existing local directory path storing the manifest, layer tarballs and signatures as individual files. This is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
docker://docker-reference
An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in $XDG_RUNTIME_DIR/containers/auth.json, which is set using (podman login). If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using (docker login).
docker-archive:path[:docker-reference]
An image is stored in the docker save formatted file. docker-reference is only used when creating such a file, and it must not contain a digest.
docker-daemon:docker-reference An image docker-reference stored in the docker daemon internal storage. docker-reference must contain either a tag or a digest. Alternatively, when reading images, the format can also be docker-daemon:algo:digest (an image ID).
oci-archive:path:tag An image tag in a directory compliant with "Open Container Image Layout Specification" at path.
ostree:image[@/absolute/repo/path] An image in local OSTree repository. /absolute/repo/path defaults to /ostree/repo.
--authfile
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, which is set using podman login.
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login.
Note: You can also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE
environment variable. export REGISTRY_AUTH_FILE=path
--creds="CREDENTIALS"
The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo.
--cert-dir path
Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. Default certificates directory is /etc/containers/certs.d.
--compress
Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type, compressed or uncompressed, as source) Note: This flag can only be set when using the dir transport
--format, -f
Manifest Type (oci, v2s1, or v2s2) to use when pushing an image to a directory using the 'dir:' transport (default is manifest type of source) Note: This flag can only be set when using the dir transport
--quiet, -q
When writing the output image, suppress progress output
--remove-signatures
Discard any pre-existing signatures in the image
--signature-policy="PATHNAME"
Pathname of a signature policy file to use. It is not recommended that this option be used, as the default behavior of using the system-wide default policy (frequently /etc/containers/policy.json) is most often preferred
--sign-by="KEY"
Add a signature at the destination using the specified key
--tls-verify
Require HTTPS and verify certificates when contacting registries (default: true)
This example extracts the imageID image to a local directory in docker format.
# podman push imageID dir:/path/to/image
This example extracts the imageID image to a local directory in oci format.
# podman push imageID oci-archive:/path/to/layout:image:tag
This example extracts the imageID image to a container registry named registry.example.com
# podman push imageID docker://registry.example.com/repository:tag
This example extracts the imageID image and puts into the local docker container store
# podman push imageID docker-daemon:image:tag
This example pushes the alpine image to umohnani/alpine on dockerhub and reads the creds from the path given to --authfile
# podman push --authfile temp-auths/myauths.json alpine docker://docker.io/umohnani/alpine
Getting image source signatures
Copying blob sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0
4.03 MB / 4.03 MB [========================================================] 1s
Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
1.41 KB / 1.41 KB [========================================================] 1s
Writing manifest to image destination
Storing signaturesThis example pushes the rhel7 image to rhel7-dir with the "oci" manifest type
# podman push --format oci registry.access.redhat.com/rhel7 dir:rhel7-dir
Getting image source signatures
Copying blob sha256:9cadd93b16ff2a0c51ac967ea2abfadfac50cfa3af8b5bf983d89b8f8647f3e4
71.41 MB / 71.41 MB [======================================================] 9s
Copying blob sha256:4aa565ad8b7a87248163ce7dba1dd3894821aac97e846b932ff6b8ef9a8a508a
1.21 KB / 1.21 KB [========================================================] 0s
Copying config sha256:f1b09a81455c351eaa484b61aacd048ab613c08e4c5d1da80c4c46301b03cf3b
3.01 KB / 3.01 KB [========================================================] 0s
Writing manifest to image destination
Storing signaturespodman(1), podman-pull(1), podman-login(1), crio(8)