podman-manifest-push(1) General Commands Manual podman-manifest-push(1)
NAME
podman-manifest-push - Push a manifest list or image index to a registry
SYNOPSIS
podman manifest push [options] listnameorindexname [destination]
DESCRIPTION
Pushes a manifest list or image index to a registry.
RETURN VALUE
The list image's ID and the digest of the image's manifest.
OPTIONS
--add-compression=compression
Makes sure that requested compression variant for each platform is added
to the manifest list keeping original instance intact in the same mani-
fest list. Supported values are (gzip, zstd and zstd:chunked). Following
flag can be used multiple times.
Note that --compression-format controls the compression format of each
instance in the manifest list. --add-compression will add another vari-
ant for each instance in the list with the specified compressions.
--compression-format gzip --add-compression zstd will push a manifest
list with each instance being compressed with gzip plus an additional
variant of each instance being compressed with zstd.
--all
Push the images mentioned in the manifest list or image index, in addi-
tion to the list or index itself. (Default true)
--authfile=path
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain-
ers/auth.json on Linux, and $HOME/.config/containers/auth.json on Win-
dows/macOS. The file is created by podman login. If the authorization
state is not found there, $HOME/.docker/config.json is checked, which is
set using docker login.
Note: There is also the option to override the default path of the au-
thentication file by setting the REGISTRY_AUTH_FILE environment vari-
able. This can be done with export REGISTRY_AUTH_FILE=path.
--cert-dir=path
Use certificates at path (*.crt, *.cert, *.key) to connect to the reg-
istry. (Default: /etc/containers/certs.d) For details, see containers-
certs.d(5). (This option is not available with the remote Podman
client, including Mac and Windows (excluding WSL2) machines)
--compression-format=gzip | zstd | zstd:chunked
Specifies the compression format to use. Supported values are: gzip,
zstd and zstd:chunked. The default is gzip unless overridden in the
containers.conf file. zstd:chunked is incompatible with encrypting im-
ages, and will be treated as zstd with a warning in that case.
--compression-level=level
Specifies the compression level to use. The value is specific to the
compression algorithm used, e.g. for zstd the accepted values are in the
range 1-20 (inclusive) with a default of 3, while for gzip it is 1-9
(inclusive) and has a default of 5.
--creds=[username[:password]]
The [username[:password]] to use to authenticate with the registry, if
required. If one or both values are not supplied, a command line prompt
appears and the value can be entered. The password is entered without
echo.
Note that the specified credentials are only used to authenticate
against target registries. They are not used for mirrors or when the
registry gets rewritten (see containers-registries.conf(5)); to authen-
ticate against those consider using a containers-auth.json(5) file.
--digestfile=Digestfile
After copying the image, write the digest of the resulting image to the
file.
--force-compression
If set, push uses the specified compression algorithm even if the desti-
nation contains a differently-compressed variant already. Defaults to
true if --compression-format is explicitly specified on the command-
line, false otherwise.
--format, -f=format
Manifest list type (oci or v2s2) to use when pushing the list (default
is oci).
--quiet, -q
When writing the manifest, suppress progress output
--remove-signatures
Don't copy signatures when pushing images.
--rm
Delete the manifest list or image index from local storage if pushing
succeeds.
--sign-by=fingerprint
Sign the pushed images with a “simple signing” signature using the spec-
ified key. (This option is not available with the remote Podman client,
including Mac and Windows (excluding WSL2) machines)
--sign-by-sigstore=param-file
Add a sigstore signature based on further options specified in a con-
tainer's sigstore signing parameter file param-file. See containers-
sigstore-signing-params.yaml(5) for details about the file format.
--sign-by-sigstore-private-key=path
Sign the pushed images with a sigstore signature using a private key at
the specified path. (This option is not available with the remote Podman
client, including Mac and Windows (excluding WSL2) machines)
--sign-passphrase-file=path
If signing the image (using either --sign-by or --sign-by-sigstore-pri-
vate-key), read the passphrase to use from the specified path.
--tls-verify
Require HTTPS and verify certificates when contacting registries (de-
fault: true). If explicitly set to true, TLS verification is used. If
set to false, TLS verification is not used. If not specified, TLS veri-
fication is used unless the target registry is listed as an insecure
registry in containers-registries.conf(5)
DESTINATION
DESTINATION is the location the container image is pushed to. It sup-
ports all transports from containers-transports(5). If no transport is
specified, the docker (i.e., container registry) transport is used. For
remote clients, including Mac and Windows (excluding WSL2) machines,
docker is the only supported transport.
EXAMPLE
Push manifest list to container registry:
podman manifest push mylist:v1.11 docker://registry.example.org/mylist:v1.11
SEE ALSO
podman(1), podman-manifest(1), containers-transports(5)
podman-manifest-push(1)
Generated by dwww version 1.16 on Tue Dec 16 05:57:26 CET 2025.