Skip to content

zarf package create

zarf package create

Creates a Zarf package from a given directory or the current directory


Builds an archive of resources and dependencies defined by the ‘zarf.yaml’ in the specified directory. Private registries and repositories are accessed via credentials in your local ‘/.docker/config.json’, ‘/.git-credentials’ and ’~/.netrc’.

zarf package create [ DIRECTORY ] [flags]


--confirm Confirm package creation without prompting
--differential string [beta] Build a package that only contains the differential changes from local resources and differing remote resources from the specified previously built package
-f, --flavor string The flavor of components to include in the resulting package (i.e. have a matching or empty "only.flavor" key)
-h, --help help for create
-m, --max-package-size int Specify the maximum size of the package in megabytes, packages larger than this will be split into multiple parts to be loaded onto smaller media (i.e. DVDs). Use 0 to disable splitting.
-o, --output string Specify the output (either a directory or an oci:// URL) for the created Zarf package
--registry-override stringToString Specify a map of domains to override on package create when pulling images (e.g. --registry-override (default [])
--retries int Number of retries to perform for Zarf deploy operations like git/image pushes or Helm installs (default 3)
-s, --sbom View SBOM contents after creating the package
--sbom-out string Specify an output directory for the SBOMs from the created Zarf package
--set stringToString Specify package variables to set on the command line (KEY=value) (default [])
--signing-key string Path to private key file for signing packages
--signing-key-pass string Password to the private key file used for signing packages
--skip-sbom Skip generating SBOM for this package

Options inherited from parent commands

-a, --architecture string Architecture for OCI images and Zarf packages
--insecure Allow access to insecure registries and disable other recommended security enforcements such as package checksum and signature validation. This flag should only be used if you have a specific reason and accept the reduced security posture.
-l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
--no-color Disable colors in output
--no-log-file Disable log file creation
--no-progress Disable fancy UI progress bars, spinners, logos, etc
--oci-concurrency int Number of concurrent layer operations to perform when interacting with a remote package. (default 3)
--tmpdir string Specify the temporary directory to use for intermediate files
--zarf-cache string Specify the location of the Zarf cache directory (default "~/.zarf-cache")


  • zarf package - Zarf package commands for creating, deploying, and inspecting packages