podman-push(1) General Commands Manual podman-push(1)
NAME
podman-push - Push an image, manifest list or image index from local
storage to elsewhere
SYNOPSIS
podman push [options] image [destination]
podman image push [options] image [destination]
DESCRIPTION
Pushes an image, manifest list or image index from local storage to a
specified destination.
Image storage
Images are pushed from those stored in local image storage.
DESTINATION
DESTINATION is the location the container image is pushed to. It sup-
ports all transports from containers-transports(5). If no transport is
specified, the docker (i.e., container registry) transport is used. For
remote clients, including Mac and Windows (excluding WSL2) machines,
docker is the only supported transport.
# Push to a container registry
$ podman push quay.io/podman/stable
# Push to a container registry via the docker transport
$ podman push docker://quay.io/podman/stable
# Push to a container registry with another tag
$ podman push myimage quay.io/username/myimage
# Push to a local directory
$ podman push myimage dir:/tmp/myimage
# Push to a tarball in the docker-archive format
$ podman push myimage docker-archive:/tmp/myimage
# Push to a local docker daemon
$ sudo podman push myimage docker-daemon:docker.io/library/myimage:33
# Push to a tarball in the OCI format
$ podman push myimage oci-archive:/tmp/myimage
OPTIONS
--authfile=path
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain-
ers/auth.json on Linux, and $HOME/.config/containers/auth.json on Win-
dows/macOS. The file is created by podman login. If the authorization
state is not found there, $HOME/.docker/config.json is checked, which is
set using docker login.
Note: There is also the option to override the default path of the au-
thentication file by setting the REGISTRY_AUTH_FILE environment vari-
able. This can be done with export REGISTRY_AUTH_FILE=path.
--cert-dir=path
Use certificates at path (*.crt, *.cert, *.key) to connect to the reg-
istry. (Default: /etc/containers/certs.d) For details, see containers-
certs.d(5). (This option is not available with the remote Podman
client, including Mac and Windows (excluding WSL2) machines)
--compress
Compress tarball image layers when pushing to a directory using the
'dir' transport. (default is same compression type, compressed or uncom-
pressed, as source)
Note: This flag can only be set when using the dir transport
--compression-format=gzip | zstd | zstd:chunked
Specifies the compression format to use. Supported values are: gzip,
zstd and zstd:chunked. The default is gzip unless overridden in the
containers.conf file. zstd:chunked is incompatible with encrypting im-
ages, and will be treated as zstd with a warning in that case.
--compression-level=level
Specifies the compression level to use. The value is specific to the
compression algorithm used, e.g. for zstd the accepted values are in the
range 1-20 (inclusive) with a default of 3, while for gzip it is 1-9
(inclusive) and has a default of 5.
--creds=[username[:password]]
The [username[:password]] to use to authenticate with the registry, if
required. If one or both values are not supplied, a command line prompt
appears and the value can be entered. The password is entered without
echo.
Note that the specified credentials are only used to authenticate
against target registries. They are not used for mirrors or when the
registry gets rewritten (see containers-registries.conf(5)); to authen-
ticate against those consider using a containers-auth.json(5) file.
--digestfile=Digestfile
After copying the image, write the digest of the resulting image to the
file.
--disable-content-trust
This is a Docker-specific option to disable image verification to a con-
tainer registry and is not supported by Podman. This option is a NOOP
and provided solely for scripting compatibility.
--encrypt-layer=layer(s)
Layer(s) to encrypt: 0-indexed layer indices with support for negative
indexing (e.g. 0 is the first layer, -1 is the last layer). If not de-
fined, encrypts all layers if encryption-key flag is specified.
--encryption-key=key
The [protocol:keyfile] specifies the encryption protocol, which can be
JWE (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material
required for image encryption. For instance, jwe:/path/to/key.pem or
pgp:admin@example.com or pkcs7:/path/to/x509-file.
--force-compression
If set, push uses the specified compression algorithm even if the desti-
nation contains a differently-compressed variant already. Defaults to
true if --compression-format is explicitly specified on the command-
line, false otherwise.
--format, -f=format
Manifest Type (oci, v2s2, or v2s1) to use when pushing an image.
--quiet, -q
When writing the output image, suppress progress output
--remove-signatures
Discard any pre-existing signatures in the image.
--retry=attempts
Number of times to retry pulling or pushing images between the registry
and local storage in case of failure. Default is 3.
--retry-delay=duration
Duration of delay between retry attempts when pulling or pushing images
between the registry and local storage in case of failure. The default
is to start at two seconds and then exponentially back off. The delay is
used when this value is set, and no exponential back off occurs.
--sign-by=key
Add a “simple signing” signature at the destination using the specified
key. (This option is not available with the remote Podman client, in-
cluding Mac and Windows (excluding WSL2) machines)
--sign-by-sigstore=param-file
Add a sigstore signature based on further options specified in a con-
tainer's sigstore signing parameter file param-file. See containers-
sigstore-signing-params.yaml(5) for details about the file format.
--sign-by-sigstore-private-key=path
Add a sigstore signature at the destination using a private key at the
specified path. (This option is not available with the remote Podman
client, including Mac and Windows (excluding WSL2) machines)
--sign-passphrase-file=path
If signing the image (using either --sign-by or --sign-by-sigstore-pri-
vate-key), read the passphrase to use from the specified path.
--tls-verify
Require HTTPS and verify certificates when contacting registries (de-
fault: true). If explicitly set to true, TLS verification is used. If
set to false, TLS verification is not used. If not specified, TLS veri-
fication is used unless the target registry is listed as an insecure
registry in containers-registries.conf(5)
EXAMPLE
Push the specified image to a local directory:
# podman push imageID dir:/path/to/image
Push the specified image to a local directory in OCI format:
# podman push imageID oci-archive:/path/to/layout:image:tag
Push the specified image to a container registry:
# podman push imageID docker://registry.example.com/repository:tag
Push the specified image to a container registry and save the digest in
the specified file:
# podman push --digestfile=/tmp/mydigest imageID docker://registry.example.com/repository:tag
Push the specified image into the local Docker daemon container store:
# podman push imageID docker-daemon:image:tag
Push the specified image with a different image name using credentials
from an alternate authfile path:
# podman push --authfile temp-auths/myauths.json alpine docker://docker.io/umohnani/alpine
Getting image source signatures
Copying blob sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0
4.03 MB / 4.03 MB [========================================================] 1s
Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
1.41 KB / 1.41 KB [========================================================] 1s
Writing manifest to image destination
Storing signatures
Push the specified image to a local directory as an OCI image:
# podman push --format oci registry.access.redhat.com/rhel7 dir:rhel7-dir
Getting image source signatures
Copying blob sha256:9cadd93b16ff2a0c51ac967ea2abfadfac50cfa3af8b5bf983d89b8f8647f3e4
71.41 MB / 71.41 MB [======================================================] 9s
Copying blob sha256:4aa565ad8b7a87248163ce7dba1dd3894821aac97e846b932ff6b8ef9a8a508a
1.21 KB / 1.21 KB [========================================================] 0s
Copying config sha256:f1b09a81455c351eaa484b61aacd048ab613c08e4c5d1da80c4c46301b03cf3b
3.01 KB / 3.01 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
SEE ALSO
podman(1), podman-pull(1), podman-login(1), containers-certs.d(5), con-
tainers-registries.conf(5), containers-transports(5)
Troubleshooting
See podman-troubleshooting(7) for solutions to common issues.
podman-push(1)
Generated by dwww version 1.16 on Tue Dec 16 06:21:36 CET 2025.