oras(1)
Push and pull OCI artifacts (container images, charts, signatures) to and from OCI-compliant registries.
Synopsis
oras [COMMAND] [FLAGS]Description
ORAS (OCI Registry As Storage) is a tool for managing OCI artifacts in container registries. It enables pushing, pulling, and discovering artifacts beyond container images—including Helm charts, Kubernetes manifests, signatures, and SBOMs—using standard OCI registry APIs.
ORAS authenticates using Docker config credentials or explicit flags, and supports artifact tagging, discovery, and registry operations through a simple CLI.
Common options
| Flag | What it does |
|---|---|
push | Push artifacts to a registry |
pull | Pull artifacts from a registry |
cp | Copy artifacts between registries |
discover | Discover artifacts linked to a given artifact |
-u, --username | Registry username for authentication |
-p, --password | Registry password for authentication |
--insecure | Allow connections to HTTP registries (not HTTPS) |
-v, --verbose | Enable verbose output for debugging |
--config | Custom path to Docker config file |
--pretty | Pretty-print JSON output |
Examples
Push a JSON file as an artifact with specified media type to a local registry
oras push localhost:5000/myapp:v1 config.json:application/jsonPull all artifacts from a specific tag and save to the downloads directory
oras pull localhost:5000/myapp:v1 -o ./downloadsPush a Helm chart to GitHub Container Registry with correct media type
oras push ghcr.io/user/app:v1.0 chart.tgz:application/vnd.cncf.helm.chart.v1.tar+gzipCopy artifacts from a local registry to GitHub Container Registry
oras cp localhost:5000/myapp:v1 ghcr.io/user/myapp:v1List all artifacts (like signatures or SBOMs) linked to an artifact
oras discover localhost:5000/myapp:v1Push artifact with explicit username and password authentication
oras push -u myuser -p mytoken myregistry.azurecr.io/app:v1 app.tar:application/octet-stream