podman-build/docs/build/man/podman-artifact-pull.1

.nh
.TH podman-artifact-pull 1
.SH NAME
podman-artifact-pull \- Pulls an artifact from a registry and stores it locally

.SH SYNOPSIS
\fBpodman artifact pull\fP [\fIoptions\fP] \fIsource\fP

.SH DESCRIPTION
podman artifact pull copies an artifact from a registry onto the local machine.

.SH SOURCE
SOURCE is the location from which the artifact image is obtained.

.EX
# Pull from a registry
$ podman artifact pull quay.io/foobar/artifact:special
.EE

.SH OPTIONS
.SS \fB--authfile\fP=\fIpath\fP
Path of the authentication file. Default is \fB${XDG_RUNTIME_DIR}/containers/auth.json\fR on Linux, and \fB$HOME/.config/containers/auth.json\fR on Windows/macOS.
The file is created by \fBpodman login\fP\&. If the authorization state is not found there, \fB$HOME/.docker/config.json\fR is checked, which is set using \fBdocker login\fP\&.

.PP
Note: There is also the option to override the default path of the authentication file by setting the \fBREGISTRY_AUTH_FILE\fR environment variable. This can be done with \fBexport REGISTRY_AUTH_FILE=\fIpath\fP\fP\&.

.SS \fB--cert-dir\fP=\fIpath\fP
Use certificates at \fIpath\fP (*\&.crt, *\&.cert, *\&.key) to connect to the registry. (Default: /etc/containers/certs.d)
For details, see \fBcontainers-certs.d(5)\fP\&.
(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)

.SS \fB--creds\fP=\fI[username[:password]]\fP
The [username[:password]] to use to authenticate with the registry, if required.
If one or both values are not supplied, a command line prompt appears and the
value can be entered. The password is entered without echo.

.PP
Note that the specified credentials are only used to authenticate against
target registries.  They are not used for mirrors or when the registry gets
rewritten (see \fBcontainers-registries.conf(5)\fR); to authenticate against those
consider using a \fBcontainers-auth.json(5)\fR file.

.SS \fB--decryption-key\fP=\fIkey[:passphrase]\fP
The [key[:passphrase]] to be used for decryption of images. Key can point to keys and/or certificates. Decryption is tried with all keys. If the key is protected by a passphrase, it is required to be passed in the argument and omitted otherwise.

.SS \fB--help\fP, \fB-h\fP
Print the usage statement.

.SS \fB--quiet\fP, \fB-q\fP
Suppress output information when pulling images

.SS \fB--retry\fP=\fIattempts\fP
Number of times to retry pulling or pushing images between the registry and
local storage in case of failure. Default is \fB3\fP\&.

.SS \fB--retry-delay\fP=\fIduration\fP
Duration of delay between retry attempts when pulling or pushing images between
the registry and local storage in case of failure. The default is to start at two seconds and then exponentially back off. The delay is used when this value is set, and no exponential back off occurs.

.SS \fB--tls-verify\fP
Require HTTPS and verify certificates when contacting registries (default: \fBtrue\fP).
If explicitly set to \fBtrue\fP, TLS verification is used.
If set to \fBfalse\fP, TLS verification is not used.
If not specified, TLS verification is used unless the target registry
is listed as an insecure registry in \fBcontainers-registries.conf(5)\fP

.SH FILES
.SH EXAMPLES
Pull an artifact from a registry

.EX
podman artifact pull quay.io/baude/artifact:josey
Getting image source signatures
Copying blob e741c35a27bb done   |
Copying config 44136fa355 done   |
Writing manifest to image destination

.EE

.SH SEE ALSO
\fBpodman(1)\fP, \fBpodman-artifact(1)\fP, \fBpodman-login(1)\fP, \fBcontainers-certs.d(5)\fP

.SS Troubleshooting
See podman-troubleshooting(7)
for solutions to common issues.

.SH HISTORY
Jan 2025, Originally compiled by Brent Baude bbaude@redhat.com
\[la]mailto:bbaude@redhat.com\[ra]