LinuxCommandLibrary

crane-cp

Copy files between local filesystem and container

TLDR

View documentation for the original command

$ tldr crane copy
copy

SYNOPSIS

crane cp [<flags>] <source_ref> <dest_ref>
e.g., crane cp alpine:latest ghcr.io/user/alpine:latest

PARAMETERS

--overwrite, -o
    Overwrite destination image if it exists.


--preserve-digests
    Preserve source digests in destination manifest.


--platform
    Copy only images for specific platform(s), e.g., --platform=linux/amd64.


--insecure
    Allow HTTP, insecure registries, or skip TLS verification.


--registry-mirror-url
    Use a registry mirror URL for src or dst.


--silent
    Suppress progress output.


--src-cert <file>
    Client certificate for source registry.


--dst-cert <file>
    Client certificate for destination registry.


DESCRIPTION

crane cp is a fast, lightweight command from the crane CLI toolset, part of Google's go-containerregistry project. It efficiently copies container images (OCI or Docker format) from a source registry to a destination registry, supporting multi-platform images, digests preservation, and insecure connections. Ideal for airgapped environments, mirroring, or migration tasks.

Unlike heavier tools like docker, crane operates without a daemon, using minimal memory and HTTP/2 for speed. It handles authentication via standard mechanisms (e.g., ~/.docker/config.json) and supports platform filtering to copy only specific architectures (e.g., amd64). Progress is shown by default, but can be silenced.

Common use cases include replicating images to private registries, testing multi-arch copies, or scripting registry syncs. It verifies layers and manifests during transfer, ensuring integrity without full pulls/pushes.

CAVEATS

Requires network access to both registries; large images may take time despite efficiency. No built-in resume on interrupt. Use --preserve-digests carefully to avoid mismatches.

EXAMPLES

crane cp --insecure docker.io/library/nginx:latest localhost:5000/nginx
crane cp --platform=linux/arm64 busybox:latest registry.example.com/busybox
crane cp --preserve-digests gcr.io/project/img@sha256:... gcr.io/prod/img

AUTHENTICATION

Uses <b>~/.docker/config.json</b> or environment vars like REGISTRY_USERNAME. Supports token auth for GitHub Container Registry, etc.

HISTORY

Introduced in crane v0.7.0 (2020) by Google Container Tools team as part of go-containerregistry. Gained popularity for daemonless workflows; actively maintained with v0.20+ supporting OCI 1.1.

SEE ALSO

crane(1), skopeo copy(1), regctl image copy(1)

Copied to clipboard