$linuxjunkies
>

oras(1)

Push and pull OCI artifacts (container images, charts, signatures) to and from OCI-compliant registries.

UbuntuDebianFedoraArch

Synopsis

oras [COMMAND] [FLAGS]

Description

ORAS (OCI Registry As Storage) is a tool for managing OCI artifacts in container registries. It enables pushing, pulling, and discovering artifacts beyond container images—including Helm charts, Kubernetes manifests, signatures, and SBOMs—using standard OCI registry APIs.

ORAS authenticates using Docker config credentials or explicit flags, and supports artifact tagging, discovery, and registry operations through a simple CLI.

Common options

FlagWhat it does
pushPush artifacts to a registry
pullPull artifacts from a registry
cpCopy artifacts between registries
discoverDiscover artifacts linked to a given artifact
-u, --usernameRegistry username for authentication
-p, --passwordRegistry password for authentication
--insecureAllow connections to HTTP registries (not HTTPS)
-v, --verboseEnable verbose output for debugging
--configCustom path to Docker config file
--prettyPretty-print JSON output

Examples

Push a JSON file as an artifact with specified media type to a local registry

oras push localhost:5000/myapp:v1 config.json:application/json

Pull all artifacts from a specific tag and save to the downloads directory

oras pull localhost:5000/myapp:v1 -o ./downloads

Push a Helm chart to GitHub Container Registry with correct media type

oras push ghcr.io/user/app:v1.0 chart.tgz:application/vnd.cncf.helm.chart.v1.tar+gzip

Copy artifacts from a local registry to GitHub Container Registry

oras cp localhost:5000/myapp:v1 ghcr.io/user/myapp:v1

List all artifacts (like signatures or SBOMs) linked to an artifact

oras discover localhost:5000/myapp:v1

Push artifact with explicit username and password authentication

oras push -u myuser -p mytoken myregistry.azurecr.io/app:v1 app.tar:application/octet-stream

Related commands