Scripts · Apr 15, 2026 · 3 min read

Skopeo — Registry-Agnostic Container Image Toolkit

Skopeo inspects, copies, signs, and deletes container images across registries without a daemon — the Swiss Army knife for OCI image plumbing in CI pipelines.

TL;DR
Skopeo manages container images across registries without needing a Docker daemon, ideal for CI and air-gapped mirrors.
§01

What it is

Skopeo is a command-line utility for performing operations on container images and image registries. It can inspect, copy, sign, and delete images across any OCI-compliant or Docker registry without requiring a running Docker daemon. Skopeo is part of the Red Hat containers ecosystem alongside Podman, Buildah, and CRI-O.

DevOps engineers, CI pipeline authors, and platform teams who need to mirror, audit, or transfer container images across registries will find Skopeo essential. It supports multiple transports including Docker registries, OCI layouts, OCI archives, and local directories.

§02

How it saves time or tokens

Traditional image mirroring requires pulling an image to a local Docker daemon and then pushing it to a destination registry. Skopeo performs registry-to-registry copies directly, skipping the local storage layer entirely. This eliminates disk I/O overhead and reduces pipeline execution time. For air-gapped environments, skopeo sync can mirror entire repositories in a single command rather than scripting individual pull-tag-push sequences.

§03

How to use

  1. Install Skopeo via your package manager (brew install skopeo on macOS, apt install skopeo on Debian/Ubuntu).
  2. Inspect a remote image to check its manifest and layers:
     skopeo inspect docker://alpine:latest
  3. Copy images between registries without a local daemon:
     skopeo copy docker://quay.io/prometheus/prometheus:latest \
       docker://registry.example.com/prom/prometheus:latest
  4. Mirror a full repository for air-gapped deployments:
     skopeo sync --src docker --dest dir registry.io/myorg/myapp /local/mirror/
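
Tags such as latest are mutable, so a mirror job that inspects and then copies by tag can end up with different content than it checked. The following added example (not from the original page or the Skopeo project) chains the inspect and copy steps above into a digest-pinned mirror that reads the destination back to confirm it. The helper names mirror_pinned and strip_tag are hypothetical, and it assumes a Skopeo version that supports copy --preserve-digests.

```shell
#!/bin/sh
# Added example: digest-pinned registry-to-registry mirror with verification.
# mirror_pinned and strip_tag are hypothetical helper names, not Skopeo commands.

# Drop a trailing :tag or @digest from an image reference, keeping host:port.
strip_tag() {
  ref=${1%@*}
  last=${ref##*/}
  case $last in *:*) ref=${ref%:*} ;; esac
  printf '%s\n' "$ref"
}

# mirror_pinned SRC DST  (both without the docker:// prefix)
mirror_pinned() {
  src=$1 dst=$2
  # Resolve the mutable tag to a content digest once.
  digest=$(skopeo inspect --format '{{.Digest}}' "docker://$src") || return 1
  case $digest in
    sha256:*) ;;
    *) echo "unexpected digest '$digest' for $src" >&2; return 1 ;;
  esac
  # Copy by digest, so a tag that moves after the inspect cannot change what
  # is mirrored. --all keeps every platform of a multi-arch image, and
  # --preserve-digests makes the copy fail rather than rewrite the manifest.
  skopeo copy --all --preserve-digests \
    "docker://$(strip_tag "$src")@$digest" "docker://$dst" || return 1
  # Read the destination back and confirm it serves the same digest.
  got=$(skopeo inspect --format '{{.Digest}}' "docker://$dst") || return 1
  if [ "$got" != "$digest" ]; then
    echo "digest mismatch at $dst: want $digest, got $got" >&2
    return 1
  fi
  # Print the pinned reference for deployment manifests to use.
  printf '%s@%s\n' "$(strip_tag "$dst")" "$digest"
}

# Usage, with the registries from the copy step above:
#   mirror_pinned quay.io/prometheus/prometheus:latest \
#     registry.example.com/prom/prometheus:latest
```

Deploying the printed repository@digest reference instead of the tag keeps workloads on the exact content that was mirrored.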
§04

Example

# Inspect image metadata without pulling
skopeo inspect docker://nginx:1.25 | jq '.Digest, .Architecture'

# Copy to an OCI layout for offline transfer
skopeo copy docker://postgres:16 oci:./oci-layout:postgres:16

# List all tags in a remote repository
skopeo list-tags docker://docker.io/library/python

# Sign an image on copy with a GPG key (--sign-by takes a GPG key identity)
skopeo copy --sign-by key@example.com \
  docker://src-registry.io/app:v1 \
  docker://dst-registry.io/app:v1
§06

Common pitfalls

  • Skopeo does not build images. Use Buildah or Docker for image creation, then Skopeo for transport.
  • Authentication credentials must be configured per-registry via skopeo login or ~/.docker/config.json. Missing auth causes cryptic 401 errors.
  • The sync command mirrors all tags by default. Use --scoped to preserve repository paths and avoid tag collisions in the destination.

Frequently Asked Questions

What is the difference between Skopeo and Docker for image management?

Docker requires a running daemon to pull, tag, and push images. Skopeo operates directly against registry APIs without any daemon, making it faster for CI pipelines and safer in rootless environments. Skopeo also supports direct registry-to-registry copies without intermediate local storage.

Can Skopeo copy images between different cloud registries?

Yes. Skopeo supports any OCI-compliant or Docker v2 registry. You can copy images from Docker Hub to AWS ECR, GCR, Azure ACR, Quay, Harbor, or any private registry in a single command without pulling to local storage first.

Does Skopeo support image signing and verification?

Yes. Skopeo integrates with Sigstore and GPG signing. You can sign images during copy operations using the --sign-by flag, and verify signatures on inspect. This enables supply chain security in air-gapped or regulated environments.

How does Skopeo handle authentication to private registries?

Skopeo reads credentials from ~/.docker/config.json or its own auth file at $XDG_RUNTIME_DIR/containers/auth.json. You can also use skopeo login to authenticate interactively, or pass --creds username:password for scripted use in CI.

What is skopeo sync used for?

The sync subcommand mirrors entire repositories or selected tags from one registry to another, or to a local directory. It is designed for air-gapped deployments where you need an offline copy of upstream images, and it handles incremental syncing to avoid re-downloading unchanged layers.
