Podman can push and pull arbitrary OCI artifacts, not just container images.
Let’s see it in action. Imagine you have a simple text file you want to store and retrieve using the OCI artifact registry.
# Create a dummy artifact
echo "This is my secret sauce!" > my-data.txt
# Create an OCI artifact from the file
podman manifest create my-app-artifact:v1.0
# Add the file as an artifact to the manifest
podman manifest add my-app-artifact:v1.0 ./my-data.txt
# Inspect the manifest to see its contents
podman manifest inspect my-app-artifact:v1.0
The podman manifest inspect command will show you a JSON structure representing the artifact. Notice how it includes details about the file’s media type, size, and digest, much like an image layer.
Now, let’s push this artifact to a registry. For this example, we’ll use a local registry.
# Start a local registry (if you don't have one running)
podman run -d -p 5000:5000 --name registry registry:2
# Tag the artifact for the registry
podman manifest tag my-app-artifact:v1.0 localhost:5000/my-app-artifact:v1.0
# Push the artifact
podman manifest push localhost:5000/my-app-artifact:v1.0
The push operation uploads the my-data.txt file, along with its metadata, to your registry.
To prove it works, let’s simulate pulling this artifact to a different location or system. First, we’ll remove the local artifact and then pull it back.
# Remove the local artifact
podman manifest rm my-app-artifact:v1.0
# Pull the artifact from the registry
podman manifest pull localhost:5000/my-app-artifact:v1.0
# Inspect the pulled artifact
podman manifest inspect my-app-artifact:v1.0
You’ll see the my-app-artifact:v1.0 manifest reappear, and you can then extract its contents.
# Create a directory to extract the artifact into
mkdir extracted-data
cd extracted-data
# Extract the artifact
podman manifest extract my-app-artifact:v1.0 --all
This will recreate my-data.txt in the extracted-data directory.
The core problem this solves is providing a standardized, content-addressable way to store and distribute arbitrary data using the same infrastructure and tooling that powers container images. Instead of relying on separate artifact repositories like Nexus or Artifactory for every type of build output, you can leverage OCI registries. This is particularly powerful for distributing things like Helm charts, WebAssembly modules, or even configuration files that need to be versioned and retrieved reliably. Podman’s manifest command is the key; it allows you to group multiple OCI blobs (which can be any file) into a single, identifiable manifest, which is then what gets pushed and pulled. The registry then treats these manifests and their associated blobs as opaque OCI content.
What most people don’t realize is that the media type of an artifact is crucial. When you add a file to a manifest, Podman tries to infer a media type, but for custom artifacts, you might need to explicitly set it. For example, application/vnd.mycompany.config.v1+plain is a valid custom media type. This allows consumers of the artifact to understand what they’re dealing with. When you push an artifact, the registry stores it as a blob identified by its digest. The manifest then contains references to these blobs, along with their media types and digests. This ensures that even if you have multiple files with the same content but different intended uses, they are uniquely identified.
The next concept to explore is signing OCI artifacts, ensuring their integrity and provenance.