
What is Skopeo?
Skopeo is a tool to manage and distribute container images. It can work also between different image registries. For example, you can copy container images from public registries such as quay.io and docker.io to your local registry or vice versa. Even, it is possible to move them directly into a Docker daemon. Red Hat has developed Skopeo as an accompanying tool for Buildah, Podman, and CRI-O. Remarkably, it does not necessarily require root privileges and a daemon process. However, you can only use Skopeo on Linux systems for now. There is no Windows version, yet you can use Skopeo inside a container.Â
Differences with Docker Image Command
Skopeo gives you flexibility by allowing you to work with a wide variety of images and repository types. Using Skopeo CLI, you can operate on container registry, container storage, local file system, Docker archive, Docker daemon, and local directory with OCI formatting efficiently.
One of the striking features of Skopeo is the advanced usage of the inspect
command set. Containers certainly make our life easier by building and installing applications. We often need their metadata. Therefore, it is crucial to easily access valuable information such as Digests and Layers. Yet, querying container metadata is sometimes challenging.


Docker has some pretty limited functionality for this issue. It would help if you used docker pull
command first and downloaded images to the local machine to access container metadata. However, skopeo inspect
does its job without downloading the container image to your locale. Just identify the container format, the location of the registry, and the repository/image. It is a much better solution than having to run docker image pull IMAGE_NAME
; docker image inspect IMAGE_NAME
.
Besides inspecting metadata of remote repositories, Skopeo enables users to perform various operations. It includes copying and deleting images from an image repository, signing and converting images across different formats, or syncing remote registries. Skopeo could also deal with credentials and authentication successfully when required by the repository.
Basic Operations
Inspect
Examines a repository on a container registry and fetches images layers. Output can be in JSON format (default) or raw format.
$ skopeo inspect docker://registry.fedoraproject.org/fedora:latest { "Name": "registry.fedoraproject.org/fedora", "Digest": "sha256:655721ff613ee766a4126cb5e0d5ae81598e1b0c3bcf7017c36c4d72cb092fe9", "RepoTags": [ "24", "25", "26-modular", ... ], "Created": "2020-04-29T06:48:16Z", "DockerVersion": "1.10.1", "Labels": { "license": "MIT", "name": "fedora", "vendor": "Fedora Project", "version": "32" }, "Architecture": "amd64", "Os": "linux", "Layers": [ "sha256:3088721d7dbf674fc0be64cd3cf00c25aab921cacf35fa0e7b1578500a3e1653" ], "Env": [ "DISTTAG=f32container", "FGC=f32", "container=oci" ] }
Copy
Copies container images between various storage mechanisms, including registry, storage, local directory, and OCI-Layout directories.
$ skopeo copy docker://quay.io/buildah/stable docker://registry.internal.company.com/buildah
$ skopeo copy oci:busybox_ocilayout:latest dir:existingemptydirectory
Delete
$ skopeo delete docker://localhost:5000/imagename:latest
Sync
$ skopeo sync --src docker --dest dir registry.example.com/busybox /media/usb
Login (Authenticating)
Skopeo supports various ways to specify credentials. Let’s use --creds
flag directly.
$ skopeo inspect --creds=testuser:testpassword docker://myregistrydomain.com:5000/busybox {"Tag":"latest","Digest":"sha256:473bb2189d7b913ed7187a33d11e743fdc2f88931122a44d91a301b64419f092","RepoTags":["latest"],"Comment":"","Created":"2016-01-15T18:06:41.282540103Z","ContainerConfig":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"DockerVersion":"1.8.3","Author":"","Config":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"Architecture":"amd64","Os":"linux"}
$ skopeo copy --src-creds=testuser:testpassword docker://myregistrydomain.com:5000/private oci:local_oci_image
Conclusion
Skopeo is a worldwide application that moves container images. It seems to be an indispensable tool along with Podman and Buildah in CI/CD systems. Especially, it is valid for keeping container registries up-to-date and loading up container storage to several container servers.
**It was created by using the content of the website: https://github.com/containers/skopeo.