Skip to content
Administer repositories for an organization
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


quay-admin is pretty neat, but how do you know who has access to your repositories?

If you've got a small number of them, you can click through to each one and see who has what permissions. But if you're an organization with a large number of repositories, it's very hard to see who can access your repositories.

In particular, when someone leaves your organization, how can you be sure that they can no longer upload images?

quay-admin is a simple command-line tool that shows which users who are outside your organization have access to which repositories.

For example:

$ QUAY_TOKEN=<YOUR_TOKEN_HERE> quay-admin woofshop
- niceperson [admin]

- cooldude [admin]

- dodgybloke [admin]


$ pip install quayadmin


Everything is under the quay-admin command, which has its own help.

usage: quay-admin [-h] [--from-state FROM_STATE] [--api-root API_ROOT]
                  [--dump-state DUMP_STATE]

Show information about permissions

positional arguments:
  namespace             Namespace to look in

optional arguments:
  -h, --help            show this help message and exit
  --from-state FROM_STATE
                        If provided, get state from a file, rather
                        than an API
  --api-root API_ROOT   Root of API. Ignored if --from-state provided.
  --dump-state DUMP_STATE
                        If provided, dump state to a file. Will overwrite file
                        if it exists.

To do anything useful, you will need an access token that has permission to "Administer Repositories". See the API documentation for more information.

Running quay-admin will produce a text report of users who aren't in your organization but who do have access to your repositories. If such users exist, the script will exit with code 1.

The normal state is to gather data from However, you can save all that state with the --dump-state flag, and then load it later with --from--state. This can be useful for performing your own analysis, or developing new reporting functionality.

You can’t perform that action at this time.