crane
interact with container registries without Docker
TLDR
Pull image
$ crane pull [registry/image:tag] [output.tar]
Push imagecopy
$ crane push [image.tar] [registry/image:tag]
Copy image between registriescopy
$ crane copy [src/image:tag] [dst/image:tag]
List tags for imagecopy
$ crane ls [registry/image]
Get image digestcopy
$ crane digest [registry/image:tag]
Get image manifestcopy
$ crane manifest [registry/image:tag]
Get image configurationcopy
$ crane config [registry/image:tag]
Authenticate to registrycopy
$ crane auth login [registry] -u [user] -p [password]
copy
SYNOPSIS
crane command [options] [arguments]
DESCRIPTION
crane is a tool for interacting with container registries. It can pull, push, copy, and inspect container images without requiring a container runtime like Docker. Part of the go-containerregistry project.
PARAMETERS
--platform os/arch
Target platform (e.g., linux/amd64)--insecure
Allow insecure registry connections-v, --verbose
Verbose output
CONFIGURATION
~/.docker/config.json
Docker configuration file storing registry credentials used by crane for authentication.
COMMANDS
pull
Download image as tarballpush
Upload tarball as imagecopy
Copy image between registriesls
List tags for repositorydigest
Get image digestmanifest
Get image manifestconfig
Get image configcatalog
List repositories in registryauth
Manage registry authenticationappend
Append layers to imageflatten
Flatten image layersmutate
Modify image metadatavalidate
Validate imageexport
Export filesystem from image
ENVIRONMENT
DOCKER_CONFIG
Path to Docker config for credentials
CAVEATS
Does not require Docker daemon. Uses OCI registry API directly. Credentials read from Docker config by default.