Share via


az acr

Note

This command group has commands that are defined in both Azure CLI and at least one extension. Install each extension to benefit from its extended capabilities. Learn more about extensions.

Manage private registries with Azure Container Registries.

Commands

Name Description Type Status
az acr agentpool

Manage private Tasks agent pools with Azure Container Registries.

Core Preview
az acr agentpool create

Create an agent pool for an Azure Container Registry.

Core Preview
az acr agentpool delete

Delete an agent pool.

Core Preview
az acr agentpool list

List the agent pools for an Azure Container Registry.

Core Preview
az acr agentpool show

Get the properties of a specified agent pool for an Azure Container Registry.

Core Preview
az acr agentpool update

Update an agent pool for an Azure Container Registry.

Core Preview
az acr artifact-streaming

Manage artifact streaming for any repositories or supported images in an ACR.

Core Preview
az acr artifact-streaming create

Create a referrers streaming artifact for a specific image in an ACR.

Core Preview
az acr artifact-streaming operation

Manage the streaming artifact creation operations for ACR.

Core Preview
az acr artifact-streaming operation cancel

Cancel the given streaming artifact operation for ACR.

Core Preview
az acr artifact-streaming operation show

Check the operation status for artifact streaming in an ACR.

Core Preview
az acr artifact-streaming show

Show if artifact streaming is enabled in a repository for an Azure Container Registry.

Core Preview
az acr artifact-streaming update

Enable or disable auto-creation of streaming artifacts for newly pushed images under a given registry.

Core Preview
az acr build

Queues a quick build, providing streaming logs for an Azure Container Registry.

Core GA
az acr cache

Manage cache rules in Azure Container Registries.

Core GA
az acr cache create

Create a cache rule.

Core GA
az acr cache delete

Delete a cache rule.

Core GA
az acr cache list

List the cache rules in an Azure Container Registry.

Core GA
az acr cache show

Show a cache rule.

Core GA
az acr cache update

Update the credential set on a cache rule.

Core GA
az acr check-health

Gets health information on the environment and optionally a target registry.

Core GA
az acr check-name

Checks if an Azure Container Registry name is valid and available for use.

Core GA
az acr config

Configure policies for Azure Container Registries.

Core GA
az acr config authentication-as-arm

Manage 'Azure AD authenticate as ARM' policy for Azure Container Registries.

Core Preview
az acr config authentication-as-arm show

Show the configured 'Azure AD authenticate as ARM' policy for an Azure Container Registry.

Core Preview
az acr config authentication-as-arm update

Update 'Azure AD authenticate as ARM' policy for an Azure Container Registry.

Core Preview
az acr config content-trust

Manage content-trust policy for Azure Container Registries.

Core GA
az acr config content-trust show

Show the configured content-trust policy for an Azure Container Registry.

Core GA
az acr config content-trust update

Update content-trust policy for an Azure Container Registry.

Core GA
az acr config retention

Manage retention policy for Azure Container Registries.

Core Preview
az acr config retention show

Show the configured retention policy for an Azure Container Registry.

Core Preview
az acr config retention update

Update retention policy for an Azure Container Registry.

Core Preview
az acr config soft-delete

Manage soft-delete policy for Azure Container Registries.

Core Preview
az acr config soft-delete show

Show the configured soft-delete policy for an Azure Container Registry.

Core Preview
az acr config soft-delete update

Update soft-delete policy for an Azure Container Registry.

Core Preview
az acr connected-registry

Manage connected registry resources with Azure Container Registries.

Core Preview
az acr connected-registry create

Create a connected registry for an Azure Container Registry.

Core Preview
az acr connected-registry deactivate

Deactivate a connected registry from Azure Container Registry.

Core Preview
az acr connected-registry delete

Delete a connected registry from Azure Container Registry.

Core Preview
az acr connected-registry get-settings

Retrieve information required to activate a connected registry, and creates or rotates the sync token credentials.

Core Preview
az acr connected-registry install

Help to access the necessary information for installing a connected registry. Please see https://aka.ms/acr/connected-registry for more information.

Core Preview and Deprecated
az acr connected-registry install info

Retrieve information required to activate a connected registry.

Core Preview and Deprecated
az acr connected-registry install renew-credentials

Retrieve information required to activate a connected registry, and renews the sync token credentials.

Core Preview and Deprecated
az acr connected-registry list

List all the connected registries under the current parent registry.

Core Preview
az acr connected-registry list-client-tokens

List all the client tokens associated to a specific connected registries.

Core Preview
az acr connected-registry permissions

Manage the repository permissions accross multiple connected registries. Please see https://aka.ms/acr/connected-registry for more information.

Core Preview
az acr connected-registry permissions show

Show the connected registry sync scope map information.

Core Preview
az acr connected-registry permissions update

Add and remove repository permissions accross all the necessary connected registry sync scope maps.

Core Preview
az acr connected-registry repo

Update all the necessary connected registry sync scope maps repository permissions.

Core Preview and Deprecated
az acr connected-registry show

Show connected registry details.

Core Preview
az acr connected-registry update

Update a connected registry for an Azure Container Registry.

Core Preview
az acr create

Create an Azure Container Registry.

Core GA
az acr credential

Manage login credentials for Azure Container Registries.

Core GA
az acr credential-set

Manage credential sets in Azure Container Registries.

Core GA
az acr credential-set create

Create a credential set.

Core GA
az acr credential-set delete

Delete a credential set.

Core GA
az acr credential-set list

List the credential sets in an Azure Container Registry.

Core GA
az acr credential-set show

Show a credential set.

Core GA
az acr credential-set update

Update the username or password Azure Key Vault secret ID on a credential set.

Core GA
az acr credential renew

Regenerate login credentials for an Azure Container Registry.

Core GA
az acr credential show

Get the login credentials for an Azure Container Registry.

Core GA
az acr delete

Deletes an Azure Container Registry.

Core GA
az acr encryption

Manage container registry encryption.

Core GA
az acr encryption rotate-key

Rotate (update) the container registry's encryption key.

Core GA
az acr encryption show

Show the container registry's encryption details.

Core GA
az acr export-pipeline

Manage ACR export pipelines.

Extension Preview
az acr export-pipeline create

Create an export pipeline.

Extension Preview
az acr export-pipeline delete

Delete an export pipeline.

Extension Preview
az acr export-pipeline list

List export pipelines on a Container Registry.

Extension Preview
az acr export-pipeline show

Show an export pipeline in detail.

Extension Preview
az acr helm

Manage helm charts for Azure Container Registries.

Core Deprecated
az acr helm delete

Delete a helm chart version in an Azure Container Registry.

Core Deprecated
az acr helm install-cli

Download and install Helm command-line tool.

Core Preview and Deprecated
az acr helm list

List all helm charts in an Azure Container Registry.

Core Deprecated
az acr helm push

Push a helm chart package to an Azure Container Registry.

Core Deprecated
az acr helm repo

Manage helm chart repositories for Azure Container Registries.

Core Deprecated
az acr helm repo add

Add a helm chart repository from an Azure Container Registry through the Helm CLI.

Core Deprecated
az acr helm show

Describe a helm chart in an Azure Container Registry.

Core Deprecated
az acr identity

Manage service (managed) identities for a container registry.

Core GA
az acr identity assign

Assign a managed identity to a container registry.

Core GA
az acr identity remove

Remove a managed identity from a container registry.

Core GA
az acr identity show

Show the container registry's identity details.

Core GA
az acr import

Imports an image to an Azure Container Registry from another Container Registry. Import removes the need to docker pull, docker tag, docker push. For larger images consider using --no-wait.

Core GA
az acr import-pipeline

Manage ACR import pipelines.

Extension Preview
az acr import-pipeline create

Create an import pipeline.

Extension Preview
az acr import-pipeline delete

Delete an import pipeline.

Extension Preview
az acr import-pipeline list

List import pipelines on a Container Registry.

Extension Preview
az acr import-pipeline show

Show an import pipeline in detail.

Extension Preview
az acr list

Lists all the container registries under the current subscription.

Core GA
az acr login

Log in to an Azure Container Registry through the Docker CLI.

Core GA
az acr manifest

Manage artifact manifests in Azure Container Registries.

Core Preview
az acr manifest delete

Delete a manifest in an Azure Container Registry.

Core Preview
az acr manifest list

List the manifests in a repository in an Azure Container Registry.

Core Preview
az acr manifest list-deleted

List the soft-deleted manifests in a repository in an Azure Container Registry.

Core Preview
az acr manifest list-deleted-tags

List the soft-deleted tags in a repository in an Azure Container Registry.

Core Preview
az acr manifest list-metadata

List the metadata of the manifests in a repository in an Azure Container Registry.

Core Preview
az acr manifest list-referrers

List the referrers to a manifest in an Azure Container Registry.

Core Preview
az acr manifest metadata

Manage artifact manifest metadata in Azure Container Registries.

Core Preview and Deprecated
az acr manifest metadata list

List the metadata of the manifests in a repository in an Azure Container Registry.

Core Preview and Deprecated
az acr manifest metadata show

Get the metadata of an artifact in an Azure Container Registry.

Core Preview and Deprecated
az acr manifest metadata update

Update the manifest metadata of an artifact in an Azure Container Registry.

Core Preview and Deprecated
az acr manifest restore

Restore a soft-deleted artifact and tag in an Azure Container Registry.

Core Preview
az acr manifest show

Get a manifest in an Azure Container Registry.

Core Preview
az acr manifest show-metadata

Get the metadata of an artifact in an Azure Container Registry.

Core Preview
az acr manifest update-metadata

Update the manifest metadata of an artifact in an Azure Container Registry.

Core Preview
az acr network-rule

Manage network rules for Azure Container Registries.

Core GA
az acr network-rule add

Add a network rule.

Core GA
az acr network-rule list

List network rules.

Core GA
az acr network-rule remove

Remove a network rule.

Core GA
az acr pack

Manage Azure Container Registry Tasks that use Cloud Native Buildpacks.

Core Preview
az acr pack build

Queues a quick build task that builds an app and pushes it into an Azure Container Registry.

Core Preview
az acr pipeline-run

Manage ACR import and export pipeline-runs.

Extension Preview
az acr pipeline-run clean

Delete all failed pipeline-runs on the registry.

Extension Preview
az acr pipeline-run create

Create a pipeline-run.

Extension Preview
az acr pipeline-run delete

Delete a pipeline-run.

Extension Preview
az acr pipeline-run list

List pipeline-runs of all pipelines on a container registry.

Extension Preview
az acr pipeline-run show

Show a pipeline-run in detail.

Extension Preview
az acr private-endpoint-connection

Manage container registry private endpoint connections.

Core GA
az acr private-endpoint-connection approve

Approve a private endpoint connection request for a container registry.

Core GA
az acr private-endpoint-connection delete

Delete a private endpoint connection request for a container registry.

Core GA
az acr private-endpoint-connection list

List all private endpoint connections to a container registry.

Core GA
az acr private-endpoint-connection reject

Reject a private endpoint connection request for a container registry.

Core GA
az acr private-endpoint-connection show

Show details of a container registry's private endpoint connection.

Core GA
az acr private-link-resource

Manage registry private link resources.

Core GA
az acr private-link-resource list

List the private link resources supported for a registry.

Core GA
az acr query

Query the content in an ACR using Kusto Query Language.

Extension GA
az acr replication

Manage geo-replicated regions of Azure Container Registries.

Core GA
az acr replication create

Create a replicated region for an Azure Container Registry.

Core GA
az acr replication delete

Delete a replicated region from an Azure Container Registry.

Core GA
az acr replication list

List all of the regions for a geo-replicated Azure Container Registry.

Core GA
az acr replication show

Get the details of a replicated region.

Core GA
az acr replication update

Updates a replication.

Core GA
az acr repository

Manage repositories (image names) for Azure Container Registries.

Core GA
az acr repository delete

Delete a repository or image in an Azure Container Registry.

Core GA
az acr repository list

List repositories in an Azure Container Registry.

Core GA
az acr repository list-deleted

List soft-deleted repositories in an Azure Container Registry.

Core Preview
az acr repository show

Get the attributes of a repository or image in an Azure Container Registry.

Core GA
az acr repository show-manifests

Show manifests of a repository in an Azure Container Registry.

Core Deprecated
az acr repository show-tags

Show tags for a repository in an Azure Container Registry.

Core GA
az acr repository untag

Untag an image in an Azure Container Registry.

Core GA
az acr repository update

Update the attributes of a repository or image in an Azure Container Registry.

Core GA
az acr run

Queues a quick run providing streamed logs for an Azure Container Registry.

Core GA
az acr scope-map

Manage scope access maps for Azure Container Registries.

Core GA
az acr scope-map create

Create a scope map for an Azure Container Registry.

Core GA
az acr scope-map delete

Delete a scope map for an Azure Container Registry.

Core GA
az acr scope-map list

List all scope maps for an Azure Container Registry.

Core GA
az acr scope-map show

Show details and attributes of a scope map for an Azure Container Registry.

Core GA
az acr scope-map update

Update a scope map for an Azure Container Registry.

Core GA
az acr show

Get the details of an Azure Container Registry.

Core GA
az acr show-endpoints

Display registry endpoints.

Core GA
az acr show-usage

Get the storage usage for an Azure Container Registry.

Core GA
az acr task

Manage a collection of steps for building, testing and OS & Framework patching container images using Azure Container Registries.

Core GA
az acr task cancel-run

Cancel a specified run of an Azure Container Registry.

Core GA
az acr task create

Create a series of steps for building, testing and OS & Framework patching containers. Tasks support triggers from git commits and base image updates.

Core GA
az acr task credential

Manage credentials for a task. Please see https://aka.ms/acr/tasks/cross-registry-authentication for more information.

Core GA
az acr task credential add

Add a custom registry login credential to the task.

Core GA
az acr task credential list

List all the custom registry credentials for task.

Core GA
az acr task credential remove

Remove credential for a task.

Core GA
az acr task credential update

Update the registry login credential for a task.

Core GA
az acr task delete

Delete a task from an Azure Container Registry.

Core GA
az acr task identity

Managed Identities for Task. Please see https://aka.ms/acr/tasks/task-create-managed-identity for more information.

Core GA
az acr task identity assign

Update the managed identity for a task.

Core GA
az acr task identity remove

Remove managed identities for a task.

Core GA
az acr task identity show

Display the managed identities for task.

Core GA
az acr task list

List the tasks for an Azure Container Registry.

Core GA
az acr task list-runs

List all of the executed runs for an Azure Container Registry, with the ability to filter by a specific Task.

Core GA
az acr task logs

Show logs for a particular run. If no run-id is supplied, show logs for the last created run.

Core GA
az acr task run

Manually trigger a task that might otherwise be waiting for git commits or base image update triggers.

Core GA
az acr task show

Get the properties of a named task for an Azure Container Registry.

Core GA
az acr task show-run

Get the properties of a specified run of an Azure Container Registry Task.

Core GA
az acr task timer

Manage timer triggers for a task.

Core GA
az acr task timer add

Add a timer trigger to a task.

Core GA
az acr task timer list

List all timer triggers for a task.

Core GA
az acr task timer remove

Remove a timer trigger from a task.

Core GA
az acr task timer update

Update the timer trigger for a task.

Core GA
az acr task update

Update a task for an Azure Container Registry.

Core GA
az acr task update-run

Patch the run properties of an Azure Container Registry Task.

Core GA
az acr taskrun

Manage taskruns using Azure Container Registries.

Core Preview
az acr taskrun delete

Delete a taskrun from an Azure Container Registry.

Core Preview
az acr taskrun list

List the taskruns for an Azure Container Registry.

Core Preview
az acr taskrun logs

Show run logs for a particular taskrun.

Core Preview
az acr taskrun show

Get the properties of a named taskrun for an Azure Container Registry.

Core Preview
az acr token

Manage tokens for an Azure Container Registry.

Core GA
az acr token create

Create a token associated with a scope map for an Azure Container Registry.

Core GA
az acr token credential

Manage credentials of a token for an Azure Container Registry.

Core GA
az acr token credential delete

Delete a token credential.

Core GA
az acr token credential generate

Generate or replace one or both passwords of a token for an Azure Container Registry. For using token and password to access a container registry, see https://aka.ms/acr/repo-permissions.

Core GA
az acr token delete

Delete a token for an Azure Container Registry.

Core GA
az acr token list

List all tokens for an Azure Container Registry.

Core GA
az acr token show

Show details and attributes of a token for an Azure Container Registry.

Core GA
az acr token update

Update a token (replace associated scope map) for an Azure Container Registry.

Core GA
az acr update

Update an Azure Container Registry.

Core GA
az acr webhook

Manage webhooks for Azure Container Registries.

Core GA
az acr webhook create

Create a webhook for an Azure Container Registry.

Core GA
az acr webhook delete

Delete a webhook from an Azure Container Registry.

Core GA
az acr webhook get-config

Get the service URI and custom headers for the webhook.

Core GA
az acr webhook list

List all of the webhooks for an Azure Container Registry.

Core GA
az acr webhook list-events

List recent events for a webhook.

Core GA
az acr webhook ping

Trigger a ping event for a webhook.

Core GA
az acr webhook show

Get the details of a webhook.

Core GA
az acr webhook update

Update a webhook.

Core GA

az acr build

Queues a quick build, providing streaming logs for an Azure Container Registry.

az acr build --registry
             [--agent-pool]
             [--auth-mode {Default, None}]
             [--build-arg]
             [--file]
             [--image]
             [--log-template]
             [--no-format]
             [--no-logs]
             [--no-push]
             [--no-wait]
             [--platform]
             [--resource-group]
             [--secret-build-arg]
             [--target]
             [--timeout]
             [<SOURCE_LOCATION>]

Examples

Queue a local context as a Linux build, tag it, and push it to the registry.

az acr build -t sample/hello-world:{{.Run.ID}} -r myregistry .

Queue a local context as a Linux build, tag it, and push it to the registry without streaming logs.

az acr build -t sample/hello-world:{{.Run.ID}} -r myregistry --no-logs .

Queue a local context as a Linux build without pushing it to the registry.

az acr build -t sample/hello-world:{{.Run.ID}} -r myregistry --no-push .

Queue a local context as a Linux build without pushing it to the registry.

az acr build -r myregistry .

Queue a remote GitHub context as a Windows build, tag it, and push it to the registry.

az acr build -r myregistry https://github.com/Azure/acr-builder.git -f Windows.Dockerfile --platform windows

Queue a remote OCI Artifact context build.

az acr build -r myregistry oci://myregistry.azurecr.io/myartifact:mytag

Queue a local context as a Linux build on arm/v7 architecture, tag it, and push it to the registry.

az acr build -t sample/hello-world:{{.Run.ID}} -r myregistry . --platform linux/arm/v7

Required Parameters

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--agent-pool
Preview

The name of the agent pool.

--auth-mode

Auth mode of the source registry.

Accepted values: Default, None
--build-arg

Build argument in '--build-arg name[=value]' format. Multiples are supported by passing '--build-arg name[=value]' multiple times. IMPORTANT: This parameter should not include passwords, access tokens, or sensitive information of any kind. This parameter value will be visible to the ACR team for debugging purposes.

--file -f

The relative path of the the docker file to the source code root folder. Default to 'Dockerfile'.

--image -t

The name and tag of the image using the format: '-t repo/image:tag'. Multiple tags are supported by passing -t multiple times.

--log-template
Preview

The repository and tag template for run log artifact using the format: 'log/repo:tag' (e.g., 'acr/logs:{{.Run.ID}}'). Only applicable to CMK enabled registry.

--no-format

Indicates whether the logs should be displayed in raw format.

Default value: False
--no-logs

Do not show logs after successfully queuing the build.

Default value: False
--no-push

Indicates whether the image built should be pushed to the registry.

Default value: False
--no-wait

Do not wait for the build to complete and return immediately after queuing the build.

Default value: False
--platform

The platform where build/task is run, Eg, 'windows' and 'linux'. When it's used in build commands, it also can be specified in 'os/arch/variant' format for the resulting image. Eg, linux/arm/v7. The 'arch' and 'variant' parts are optional.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--secret-build-arg

Secret build argument in '--secret-build-arg name[=value]' format. Multiples are supported by passing '--secret-build-arg name[=value]' multiple times. This parameter value is not surfaced to the ACR team and is more suitable for sensitive information.

--target

The name of the target build stage.

--timeout

The timeout in seconds.

<SOURCE_LOCATION>

The local source code directory path (e.g., './src'), or the URL to a git repository (e.g., 'https://github.com/Azure-Samples/acr-build-helloworld-node.git') or a remote tarball (e.g., 'http://server/context.tar.gz'), or the repository of an OCI artifact in an Azure container registry (e.g., 'oci://myregistry.azurecr.io/myartifact:mytag').

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr check-health

Gets health information on the environment and optionally a target registry.

az acr check-health [--ignore-errors]
                    [--name]
                    [--vnet]
                    [--yes]

Examples

Gets health state with target registry 'myregistry', skipping confirmation for pulling image.

az acr check-health -n myregistry -y

Gets health state of the environment, without stopping on first error.

az acr check-health --ignore-errors

Optional Parameters

--ignore-errors

Provide all health checks, even if errors are found.

Default value: False
--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

--vnet

Virtual network ID so to run this command inside a VNET to verify the DNS routing to private endpoints.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr check-name

Checks if an Azure Container Registry name is valid and available for use.

az acr check-name --name

Examples

Check if a registry name already exists.

az acr check-name -n doesthisnameexist

Required Parameters

--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr create

Create an Azure Container Registry.

az acr create --name
              --resource-group
              --sku {Basic, Premium, Standard}
              [--admin-enabled {false, true}]
              [--allow-exports {false, true}]
              [--allow-metadata-search {false, true}]
              [--allow-trusted-services {false, true}]
              [--default-action {Allow, Deny}]
              [--identity]
              [--key-encryption-key]
              [--location]
              [--public-network-enabled {false, true}]
              [--tags]
              [--workspace]
              [--zone-redundancy {Disabled, Enabled}]

Examples

Create a managed container registry with the Standard SKU.

az acr create -n myregistry -g MyResourceGroup --sku Standard

Required Parameters

--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--sku

The SKU of the container registry.

Accepted values: Basic, Premium, Standard

Optional Parameters

--admin-enabled

Indicates whether the admin user is enabled.

Accepted values: false, true
Default value: False
--allow-exports
Preview

Configure exportPolicy to allow/disallow artifacts from being exported from this registry. Artifacts can be exported via import or transfer operations. For more information, please visit https://aka.ms/acr/export-policy.

Accepted values: false, true
--allow-metadata-search
Preview

Enable or disable the metadata-search feature for the registry. If not specified, this is set to disabled by default.

Accepted values: false, true
--allow-trusted-services
Preview

Allow trusted Azure Services to access network restricted registries. For more information, please visit https://aka.ms/acr/trusted-services. The Default is to allow.

Accepted values: false, true
--default-action

Default action to apply when no rule matches. Only applicable to Premium SKU.

Accepted values: Allow, Deny
--identity

Use assigned managed identity resource id or name if in the same resource group.

--key-encryption-key

Key vault key uri. To enable automated rotation, provide a version-less key uri. For manual rotation, provide a versioned key uri.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--public-network-enabled

Allow public network access for the container registry. The Default is to allow.

Accepted values: false, true
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--workspace
Preview

Name or ID of the Log Analytics workspace to send registry diagnostic logs to. All events will be enabled. You can use "az monitor log-analytics workspace create" to create one. Extra billing may apply.

--zone-redundancy
Preview

Indicates whether or not zone redundancy should be enabled for this registry or replication. For more information, such as supported locations, please visit https://aka.ms/acr/az. Zone-redundancy cannot be updated. Defaults to 'Disabled'.

Accepted values: Disabled, Enabled
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr delete

Deletes an Azure Container Registry.

az acr delete --name
              [--resource-group]
              [--yes]

Examples

Delete an Azure Container Registry.

az acr delete -n myregistry

Required Parameters

--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr import

Imports an image to an Azure Container Registry from another Container Registry. Import removes the need to docker pull, docker tag, docker push. For larger images consider using --no-wait.

az acr import --name
              --source
              [--force]
              [--image]
              [--no-wait]
              [--password]
              [--registry]
              [--repository]
              [--resource-group]
              [--username]

Examples

Import an image from 'sourceregistry' to 'myregistry'. The image inherits its source repository and tag names.

az acr import -n myregistry --source sourceregistry.azurecr.io/sourcerepository:sourcetag

Import an image from a public repository on Docker Hub. The image uses the specified repository and tag names.

az acr import -n myregistry --source docker.io/library/hello-world:latest -t targetrepository:targettag

Import an image from a private repository using its username and password. This also applies to registries outside Azure.

az acr import -n myregistry --source myprivateregistry.azurecr.io/hello-world:latest -u username -p password

Import an image from an Azure container registry in a different subscription.

az acr import -n myregistry --source sourcerepository:sourcetag -t targetrepository:targettag \
    -r /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sourceResourceGroup/providers/Microsoft.ContainerRegistry/registries/sourceRegistry

Import an image without waiting for successful completion. Failures during import will not be reflected. Run `az acr repository show-tags` to confirm that import succeeded.

az acr import -n myregistry --source sourceregistry.azurecr.io/sourcerepository:sourcetag --no-wait

Required Parameters

--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

--source

Source image name or fully qualified source containing the registry login server. If --registry is used, --source will always be interpreted as a source image, even if it contains the login server.

Optional Parameters

--force

Overwrite the existing tag of the image to be imported.

Default value: False
--image -t

The name and tag of the image using the format: '-t repo/image:tag'. Multiple tags are supported by passing -t multiple times.

--no-wait

Do not wait for the import to complete and return immediately after queuing the import.

Default value: False
--password -p

The password of source container registry.

--registry -r

The source Azure container registry. This can be name, login server or resource ID of the source registry.

--repository

The repository name for a manifest-only copy of images. Multiple copies supported by passing --repository multiple times.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--username -u

The username of source container registry.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr list

Lists all the container registries under the current subscription.

az acr list [--resource-group]

Examples

List container registries and show the results in a table, across multiple resource groups.

az acr list -o table

List container registries in a resource group and show the results in a table.

az acr list -g MyResourceGroup -o table

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr login

Log in to an Azure Container Registry through the Docker CLI.

Docker must be installed on your machine. Once done, use 'docker logout ' to log out. (If you only need an access token and do not want to install Docker, specify '--expose-token').

az acr login --name
             [--expose-token]
             [--password]
             [--resource-group]
             [--suffix]
             [--username]

Examples

Log in to an Azure Container Registry

az acr login -n myregistry

Get an Azure Container Registry access token

az acr login -n myregistry --expose-token

Required Parameters

--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--expose-token -t

Expose access token instead of automatically logging in through Docker CLI.

Default value: False
--password -p

The password used to log into a container registry.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--suffix

The tenant suffix in registry login server. You may specify '--suffix tenant' if your registry login server is in the format 'registry-tenant.azurecr.io'. Applicable if you're accessing the registry from a different subscription or you have permission to access images but not the permission to manage the registry resource.

--username -u

The username used to log into a container registry.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr query

Query the content in an ACR using Kusto Query Language.

Query for artifacts and images in an Azure Container Registry using the Kusto Query Language. OCI manifest properties such as digest, subject, annotations, etc. can be used to query, filter, and order search results.

az acr query --kql-query
             --name
             [--password]
             [--repository]
             [--skip-token]
             [--username]

Examples

Fetch a single manifest

az acr query -n $MyRegistry -q "Manifests | limit 1"

Count all manifests in repository $RepositoryName

az acr query -n $MyRegistry -q "Manifests" -o table

List all manifests in repository $RepositoryName in order of creation date

az acr query -n $MyRegistry --repository $RepositoryName -q "Manifests | order by createdAt desc"

Query for all digests signed by $Signature in the repository $RepositoryName

az acr query -n $MyRegistry --repository $RepositoryName -q "Manifests | where annotations['org.cncf.notary.signature.subject'] == $Signature | project createdAt, digest, subject"

Query for the digests in a registry using a skip token and sort by digest (for results with pagination)

az acr query -n $MyRegistry -q "Manifests | project digest | order by digest asc" --skip-token eyAibm8iOiAibHVjayIsICJidXQiOiAibmljZSIsICJ0cnkiOiAiISIgfQ==

Required Parameters

--kql-query -q

The KQL query to execute.

--name -n

The name of the container registry that the query is run against.

Optional Parameters

--password -p

Registry password.

--repository

The repository that the query is run against. If no repository is provided, the query is run at the registry level.

--skip-token

Skip token to get the next page of the query if applicable.

--username -u

Registry username.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr run

Queues a quick run providing streamed logs for an Azure Container Registry.

az acr run --registry
           [--agent-pool]
           [--auth-mode {Default, None}]
           [--cmd]
           [--file]
           [--log-template]
           [--no-format]
           [--no-logs]
           [--no-wait]
           [--platform]
           [--resource-group]
           [--set]
           [--set-secret]
           [--timeout]
           [--values]
           [<SOURCE_LOCATION>]

Examples

Queue a run to execute a container command.

az acr run -r myregistry --cmd '$Registry/myimage' /dev/null

Queue a run with the task definition from the standard input. Either 'Ctrl + Z'(Windows) or 'Ctrl + D'(Linux) terminates the input stream.

az acr run -r myregistry -f - /dev/null

Queue a run to execute the tasks passed through the pipe.

cat task.yaml | az acr run -r myregistry -f - /dev/null

Queue a local context, pushed to ACR with streaming logs.

az acr run -r myregistry -f bash-echo.yaml ./workspace

Queue a remote git context with streaming logs.

az acr run -r myregistry https://github.com/Azure-Samples/acr-tasks.git -f hello-world.yaml

Queue a remote git context with streaming logs and runs the task on Linux platform.

az acr run -r myregistry https://github.com/Azure-Samples/acr-tasks.git -f build-hello-world.yaml --platform linux

Queue a remote OCI Artifact context and runs the task.

az acr run -r myregistry oci://myregistry.azurecr.io/myartifact:mytag -f hello-world.yaml

Required Parameters

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--agent-pool
Preview

The name of the agent pool.

--auth-mode

Auth mode of the source registry.

Accepted values: Default, None
--cmd

Commands to execute. This also supports additional docker run parameters (https://docs.docker.com/engine/reference/commandline/run/) or even other docker commands (https://docs.docker.com/engine/reference/commandline/docker/).

--file -f

The task template/definition file path relative to the source context. It can be '-' to pipe a file from the standard input.

--log-template
Preview

The repository and tag template for run log artifact using the format: 'log/repo:tag' (e.g., 'acr/logs:{{.Run.ID}}'). Only applicable to CMK enabled registry.

--no-format

Indicates whether the logs should be displayed in raw format.

Default value: False
--no-logs

Do not show logs after successfully queuing the build.

Default value: False
--no-wait

Do not wait for the run to complete and return immediately after queuing the run.

Default value: False
--platform

The platform where build/task is run, Eg, 'windows' and 'linux'. When it's used in build commands, it also can be specified in 'os/arch/variant' format for the resulting image. Eg, linux/arm/v7. The 'arch' and 'variant' parts are optional.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Value in 'name[=value]' format. Multiples supported by passing --set multiple times.

--set-secret

Secret value in '--set name[=value]' format. Multiples supported by passing --set multiple times.

--timeout

The timeout in seconds.

--values

The task values file path relative to the source context.

<SOURCE_LOCATION>

The local source code directory path (e.g., './src'), or the URL to a git repository (e.g., 'https://github.com/Azure-Samples/acr-build-helloworld-node.git'), or a remote tarball (e.g., 'http://server/context.tar.gz'), or the repository of an OCI artifact in an Azure container registry (e.g., 'oci://myregistry.azurecr.io/myartifact:mytag'). If '/dev/null' is specified, the value will be set to None and ignored.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr show

Get the details of an Azure Container Registry.

az acr show --name
            [--resource-group]

Examples

Get the login server for an Azure Container Registry.

az acr show -n myregistry --query loginServer

Get the details of an Azure Container Registry

az acr show --name myregistry --resource-group MyResourceGroup

Required Parameters

--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr show-endpoints

Display registry endpoints.

az acr show-endpoints --name
                      [--resource-group]

Required Parameters

--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr show-usage

Get the storage usage for an Azure Container Registry.

az acr show-usage --name
                  [--resource-group]

Examples

Get the storage usage for an Azure Container Registry.

az acr show-usage -n myregistry

Required Parameters

--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr update

Update an Azure Container Registry.

az acr update --name
              [--add]
              [--admin-enabled {false, true}]
              [--allow-exports {false, true}]
              [--allow-metadata-search {false, true}]
              [--allow-trusted-services {false, true}]
              [--anonymous-pull-enabled {false, true}]
              [--data-endpoint-enabled {false, true}]
              [--default-action {Allow, Deny}]
              [--force-string]
              [--public-network-enabled {false, true}]
              [--remove]
              [--resource-group]
              [--set]
              [--sku {Basic, Premium, Standard}]
              [--tags]

Examples

Update tags for an Azure Container Registry.

az acr update -n myregistry --tags key1=value1 key2=value2

Enable the administrator user account for an Azure Container Registry.

az acr update -n myregistry --admin-enabled true

Required Parameters

--name -n

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Default value: []
--admin-enabled

Indicates whether the admin user is enabled.

Accepted values: false, true
--allow-exports
Preview

Configure exportPolicy to allow/disallow artifacts from being exported from this registry. Artifacts can be exported via import or transfer operations. For more information, please visit https://aka.ms/acr/export-policy.

Accepted values: false, true
--allow-metadata-search
Preview

Enable or disable the metadata-search feature for the registry.

Accepted values: false, true
--allow-trusted-services
Preview

Allow trusted Azure Services to access network restricted registries. For more information, please visit https://aka.ms/acr/trusted-services.

Accepted values: false, true
--anonymous-pull-enabled

Enable registry-wide pull from unauthenticated clients.

Accepted values: false, true
--data-endpoint-enabled

Enable dedicated data endpoint for client firewall configuration.

Accepted values: false, true
--default-action

Default action to apply when no rule matches. Only applicable to Premium SKU.

Accepted values: Allow, Deny
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Default value: False
--public-network-enabled

Allow public network access for the container registry.

Accepted values: false, true
--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Default value: []
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Default value: []
--sku

The SKU of the container registry.

Accepted values: Basic, Premium, Standard
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.