crane-registry

Serve a registry implementation

$ crane registry serve

$ crane registry serve --address [address_name]

$ crane registry serve --disk [path/to/store_directory]

$ crane registry [[-h|--help]]

$ crane registry serve [[-h|--help]]

crane-registry [global flags] <subcommand> [args]

--help, -h
    Show help for the command.

--insecure
    Allow connections to insecure registries (HTTP, self-signed certs).
Warning: Use only when necessary.

--platform <platform>
    Specify platform like amd64/linux or arm64.
Format: <arch>/<os>[/<variant>].

--progress <mode>
    Progress display: auto, tty, or none. Default: auto.

--registry-mirror-urls <urls>
    List of registry mirrors as URL@DIGEST.
Repeatable flag.

-v, --version
    Print version information and exit.

--verbose
    Enable verbose logging output.

crane-registry is a lightweight, high-performance command-line interface (CLI) designed for interacting with container image registries compliant with the OCI Distribution Specification. Developed as part of Google's go-containerregistry project, it enables users to perform operations like pulling, pushing, listing, inspecting, copying, and manipulating OCI images and artifacts without needing a full container runtime like Docker or Podman.

Key features include digest verification for image integrity, platform-specific image handling (e.g., amd64/linux or arm64), support for insecure registries (with caution), and efficient streaming for large images. It's ideal for CI/CD pipelines, scripting, air-gapped environments, and reproducible builds via image pinning.

Unlike heavier tools, crane-registry is a single static binary written in Go, making it portable and easy to install via package managers like Homebrew, apt, or direct download. It supports multiple registries out-of-the-box, including Docker Hub, Google Container Registry, and private ones, and integrates well with tools like Cosign for signing and Rekor for transparency logs.

Common use cases: crane-registry digest myimage:latest to get SHA256 digest, crane-registry cp src reg:dest for copying, or crane-registry pull --platform linux/arm64 alpine for architecture-specific pulls. Its verbose mode and progress indicators enhance usability in terminals.

Does not mount images or run containers; image manipulation only.
Authentication via standard credential helpers (e.g., docker config).
Builds require Go 1.21+; no Windows Docker support.

auth login: Login to registry.
cat: Output image config/layers.
cp: Copy image between refs/registries.
digest: Compute image digest.
ls: List tags.
pull/push: Fetch/store images.
pin: Pin image to digest.

curl -sL https://github.com/google/go-containerregistry/releases/latest/download/crane_*.linux_amd64.tar.gz | tar xz
Or: go install github.com/google/go-containerregistry/cmd/crane@latest.

Introduced in 2020 as part of go-containerregistry v0.1.0 by GoogleCloudPlatform team.
Actively maintained with regular releases; v0.18+ added artifact support and better multi-arch handling.
Popular in Kubernetes ecosystem for image promotion and validation.

skopeo(1), reg(1), podman(1), docker(1), buildah(1)