Skip to content

zarf package inspect manifests

zarf package inspect manifests

Template and output all manifests and charts in a package

zarf package inspect manifests [ PACKAGE ] [flags]

Examples

# Show templated manifests for a local package tarball
$ zarf package inspect manifests zarf-package-my-app-amd64-1.0.0.tar.zst
# Show manifests for a package in an OCI registry (requires oci:// scheme)
$ zarf package inspect manifests oci://ghcr.io/my-org/my-package:1.0.0

Options

--certificate-identity string Required identity claim in the signing certificate (keyless verify). Example: signer@example.com or https://github.com/org/repo/.github/workflows/release.yml@refs/heads/main
--certificate-identity-regexp string Regex variant of --certificate-identity
--certificate-oidc-issuer string Required OIDC issuer claim in the signing certificate (keyless verify). Example: https://github.com/login/oauth or https://token.actions.githubusercontent.com
--certificate-oidc-issuer-regexp string Regex variant of --certificate-oidc-issuer
--components string comma separated list of components to show manifests for
-h, --help help for manifests
--insecure-ignore-tlog Skip Rekor transparency log inclusion verification. Default true for air-gap. Auto-disabled when keyless identity flags are set (keyless signatures require Rekor inclusion proof to remain verifiable past certificate expiry). (default true)
-k, --key string Path to public key file for validating signed packages
--kube-version string Override the default helm template KubeVersion when performing a package chart template
--oci-concurrency int Number of concurrent layer operations when pulling or pushing images or packages to/from OCI registries. (default 6)
--set-values stringToString Specify deployment package values to set on the command line (key.path=value). (default [])
--set-variables stringToString Specify deployment variables to set on the command line (KEY=value) (default [])
--trusted-root string Path to a Sigstore TrustedRoot JSON. Falls back to the binary-embedded copy when omitted.
--use-signed-timestamps Verify RFC3161 signed timestamps in the bundle. Auto-enabled when the bundle contains TSA timestamp data. Use when signing was done with --tsa-server-url and Rekor was not used.
-v, --values strings [alpha] Values files to use for templating and Helm overrides. Multiple files can be passed in as a comma separated list, and the flag can be provided multiple times.
--verify verifyMode[=always] Signature verification mode (always|if-possible|never). (default if-possible)

Options inherited from parent commands

-a, --architecture string Architecture for OCI images and Zarf packages
--cache string Specify the location of the Zarf cache directory (default "~/.zarf-cache")
--features stringToString Provide a comma-separated list of feature names to bools to enable or disable. Ex. --features "foo=true,bar=false,baz=true" (default [])
--insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture.
--log-format string Select a logging format. Defaults to 'console'. Valid options are: 'console', 'json', 'dev'. (default "console")
-l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
--no-color Disable terminal color codes in logging and stdout prints.
--plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture.
--tmpdir string Specify the temporary directory to use for intermediate files

SEE ALSO