Scripts for easy manipulation of docker-registry from command line (and from scripts)
Branch: master
Clone or download
andrey-pohilko Merge pull request #61 from spk83/master
feat(bearer_request): support GET as auth-method
Latest commit ddd514c Dec 27, 2018


registry-cli is a script for easy manipulation of docker-registry from command line (and from scripts)

Table of Contents


Docker image

You can download ready-made docker image with the script and all python dependencies pre-installed:

    docker pull anoxis/registry-cli

In this case, replace with docker run --rm anoxis/registry-cli in all commands below, e.g.

    docker run --rm anoxis/registry-cli -r

Note: when you use the docker image and registry on the same computer (registry is on localhost), then due to internal network created by docker you have to link to the registry's network and refer registry container by its name, not localhost. E.g. your registry container is named "registry", then the command to launch registry-cli would be

    docker run --rm --link registry anoxis/registry-cli -r http://registry:5000

python script

Download and set it as executable

  chmod 755

Install dependencies:

  sudo pip install -r requirements-build.txt

Listing images

The below command will list all images and all tags in your registry: -l user:pass -r

List all images, tags and layers: -l user:pass -r --layers

List particular image(s) or image:tag (all tags of ubuntu and alpine in this example) -l user:pass -r -i ubuntu alpine

Same as above but with layers -l user:pass -r -i ubuntu alpine --layers

Username and password

It is optional, you can omit it in case if you use insecure registry without authentication (up to you, but its really insecure; make sure you protect your entire registry from anyone)

username and password pair can be provided in the following forms

  -l username:password
  -l 'username':'password'
  -l "username":"password"

Username cannot contain colon (':') (I don't think it will contain ever, but anyway I warned you). Password, in its turn, can contain as many colons as you wish.

Deleting images

Keep only last 10 versions (useful for CI): Delete all tags of all images but keep last 10 tags (you can put this command to your build script after building images) -l user:pass -r --delete

If number of tags is less than 10 it will not delete any

You can change the number of tags to keep, e.g. 5: -l user:pass -r --delete --num 5

You may also specify tags to be deleted using a list of regexp based names. The following command would delete all tags containing "snapshot-" and beginning with "stable-" and a 4 digit number: -l user:pass -r --delete --tags-like "snapshot-" "^stable-[0-9]{4}.*"

As one manifest may be referenced by more than one tag, you may add tags, whose manifests should NOT be deleted. A tag that would otherwise be deleted, but whose manifest references one of those "kept" tags, is spared for deletion. In the following case, all tags beginning with "snapshot-" will be deleted, save those whose manifest point to "stable" or "latest": -l user:pass -r --delete --tags-like "snapshot-" --keep-tags "stable" "latest"

The last parameter is also available as regexp option with --keep-tags-like.

Delete all tags for particular image (e.g. delete all ubuntu tags): -l user:pass -r -i ubuntu --delete-all

Delete all tags for all images (do you really want to do it?): -l user:pass -r --delete-all --dry-run

Delete all tags by age in hours for the particular image (e.g. older than 24 hours, with --keep-tags and --keep-tags-like options, --dry-run for safe). -r -i api-docs-origin/master --dry-run --delete-by-hours 24 --keep-tags c59c02c25f023263fd4b5d43fc1ff653f08b3d4x --keep-tags-like late

Note that deleting by age will not prevent more recent tags from being deleted if there are more than 10 (or specified --num value). In order to keep all tags within a designated period, use the --keep-by-hours flag: -r --dry-run --delete --keep-by-hours 72 --keep-tags-like latest

Disable ssl verification

If you are using docker registry with a self signed ssl certificate, you can disable ssl verification: -l user:pass -r --no-validate-ssl

Nexus docker registry

Add --digest-method flag -l user:pass -r --digest-method GET

Important notes:

garbage-collection in docker-registry

  1. docker registry API does not actually delete tags or images, it marks them for later garbage collection. So, make sure you run something like below (or put them in your crontab):
  cd [path-where-your-docker-compose.yml]
  docker-compose stop registry
  docker-compose run --rm \
       registry bin/registry garbage-collect \
  docker-compose up -d registry

or (if you are not using docker-compose):

  docker stop registry:2
  docker run --rm registry:2 bin/registry garbage-collect \
  docker start registry:2

for more detail on garbage collection read here:

enable image deletion in docker-registry

Make sure to enable it by either creating environment variable REGISTRY_STORAGE_DELETE_ENABLED: "true" or adding relevant configuration option to the docker-registry's config.yml. For more on docker-registry configuration, read here:

You may get Error 405 message from script (Functionality not supported) when this option is not enabled.


You are very welcome to contribute to this script. Of course, when making changes, please include your changes into and run tests to check that your changes do not break existing functionality.

For tests to work, more libraries are needed

  pip install -r requirements-ci.txt

Running tests is as simple as


Test will print few error messages, like so

Testing started at 9:31 AM ...
  tag digest not found: 400
error 400

this is ok, because test simulates invalid inputs also.


Please feel free to contact me at if you wish to add more functionality or want to contribute.