Skip to content



DevSecOps for Airgap


Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments.

zarf COMMAND [flags]


-a, --architecture string Architecture for OCI images and Zarf packages
-h, --help help for zarf
--insecure Allow access to insecure registries and disable other recommended security enforcements such as package checksum and signature validation. This flag should only be used if you have a specific reason and accept the reduced security posture.
-l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
--no-color Disable colors in output
--no-log-file Disable log file creation
--no-progress Disable fancy UI progress bars, spinners, logos, etc
--tmpdir string Specify the temporary directory to use for intermediate files
--zarf-cache string Specify the location of the Zarf cache directory (default "~/.zarf-cache")


  • zarf completion - Generate the autocompletion script for the specified shell
  • zarf connect - Accesses services or pods deployed in the cluster
  • zarf destroy - Tears down Zarf and removes its components from the environment
  • zarf dev - Commands useful for developing packages
  • zarf init - Prepares a k8s cluster for the deployment of Zarf packages
  • zarf package - Zarf package commands for creating, deploying, and inspecting packages
  • zarf tools - Collection of additional tools to make airgap easier
  • zarf version - Shows the version of the running Zarf binary