Skip to main content
Version: 1.3

oras backup

[Experimental] Back up artifacts from a registry into an OCI image layout, saved either as a directory or a tar archive. The output format is determined by the file extension of the specified output path: if it ends with ".tar", the output will be a tar archive; otherwise, it will be a directory.

oras backup [flags] --output <path> <registry>/<repository>[:<ref1>[,<ref2>...]]

Examples

Back up a single artifact to a directory:

oras backup --output hello localhost:5000/hello:v1

Back up to a tar archive:

oras backup --output hello.tar localhost:5000/hello:v1

Back up an artifact along with its referrers (e.g. attestations, SBOMs):

oras backup --output hello --include-referrers localhost:5000/hello:v1

Back up multiple specific tags:

oras backup --output hello localhost:5000/hello:v1,v2,v3

Back up all tagged artifacts in a repository:

oras backup --output hello localhost:5000/hello

Use Referrers API for discovering referrers:

oras backup --output hello --include-referrers --distribution-spec v1.1-referrers-api localhost:5000/hello:v1

Use Referrers Tag Schema for discovering referrers:

oras backup --output hello --include-referrers --distribution-spec v1.1-referrers-tag localhost:5000/hello:v1

Back up from an insecure registry:

oras backup --output hello --insecure localhost:5000/hello:v1

Back up from a registry using plain HTTP (no TLS):

oras backup --output hello --plain-http localhost:5000/hello:v1

Set custom concurrency level:

oras backup --output hello --concurrency 6 localhost:5000/hello:v1

Options

      --ca-file string                             server certificate authority file for the remote registry
      --cert-file string                           client certificate file for the remote registry
      --concurrency int                            concurrency level (default 3)
  -d, --debug                                      output debug logs (implies --no-tty)
      --distribution-spec string                   [Preview] set OCI distribution spec version and API option for target. Options: v1.1-referrers-tag, v1.1-referrers-api
  -H, --header stringArray                         add custom headers to requests
  -h, --help                                       help for backup
      --identity-token string                      registry identity token
      --identity-token-stdin                       read identity token from stdin
      --include-referrers                          back up the artifact with its referrers (e.g., attestations, SBOMs)
      --insecure                                   allow connections to SSL registry without certs
      --key-file string                            client private key file for the remote registry
      --no-tty                                     [Preview] disable progress bars
  -o, --output string                              path to the target output, either a tar archive (*.tar) or a directory
  -p, --password string                            registry password or identity token
      --password-stdin                             read password from stdin
      --plain-http                                 allow insecure connections to registry without SSL check
      --registry-config path                       path of the authentication file for registry
      --resolve host:port:address[:address_port]   customized DNS for registry, formatted in host:port:address[:address_port]
  -u, --username string                            registry username

We are a Cloud Native Computing Foundation Sandbox Project.

Docusaurus themed imageDocusaurus themed image