azure-containerregistry-py
skill✓Azure Container Registry SDK for Python. Use for managing container images, artifacts, and repositories. Triggers: "azure-containerregistry", "ContainerRegistryClient", "container images", "docker registry", "ACR".
apm::install
apm install @microsoft/azure-containerregistry-pyapm::skill.md
---
name: azure-containerregistry-py
description: |
Azure Container Registry SDK for Python. Use for managing container images, artifacts, and repositories.
Triggers: "azure-containerregistry", "ContainerRegistryClient", "container images", "docker registry", "ACR".
package: azure-containerregistry
---
# Azure Container Registry SDK for Python
Manage container images, artifacts, and repositories in Azure Container Registry.
## Installation
```bash
pip install azure-containerregistry
```
## Environment Variables
```bash
AZURE_CONTAINERREGISTRY_ENDPOINT=https://<registry-name>.azurecr.io
```
## Authentication
### Entra ID (Recommended)
```python
from azure.containerregistry import ContainerRegistryClient
from azure.identity import DefaultAzureCredential
client = ContainerRegistryClient(
endpoint=os.environ["AZURE_CONTAINERREGISTRY_ENDPOINT"],
credential=DefaultAzureCredential()
)
```
### Anonymous Access (Public Registry)
```python
from azure.containerregistry import ContainerRegistryClient
client = ContainerRegistryClient(
endpoint="https://mcr.microsoft.com",
credential=None,
audience="https://mcr.microsoft.com"
)
```
## List Repositories
```python
client = ContainerRegistryClient(endpoint, DefaultAzureCredential())
for repository in client.list_repository_names():
print(repository)
```
## Repository Operations
### Get Repository Properties
```python
properties = client.get_repository_properties("my-image")
print(f"Created: {properties.created_on}")
print(f"Modified: {properties.last_updated_on}")
print(f"Manifests: {properties.manifest_count}")
print(f"Tags: {properties.tag_count}")
```
### Update Repository Properties
```python
from azure.containerregistry import RepositoryProperties
client.update_repository_properties(
"my-image",
properties=RepositoryProperties(
can_delete=False,
can_write=False
)
)
```
### Delete Repository
```python
client.delete_repository("my-image")
```
## List Tags
```python
for tag in client.list_tag_properties("my-image"):
print(f"{tag.name}: {tag.created_on}")
```
### Filter by Order
```python
from azure.containerregistry import ArtifactTagOrder
# Most recent first
for tag in client.list_tag_properties(
"my-image",
order_by=ArtifactTagOrder.LAST_UPDATED_ON_DESCENDING
):
print(f"{tag.name}: {tag.last_updated_on}")
```
## Manifest Operations
### List Manifests
```python
from azure.containerregistry import ArtifactManifestOrder
for manifest in client.list_manifest_properties(
"my-image",
order_by=ArtifactManifestOrder.LAST_UPDATED_ON_DESCENDING
):
print(f"Digest: {manifest.digest}")
print(f"Tags: {manifest.tags}")
print(f"Size: {manifest.size_in_bytes}")
```
### Get Manifest Properties
```python
manifest = client.get_manifest_properties("my-image", "latest")
print(f"Digest: {manifest.digest}")
print(f"Architecture: {manifest.architecture}")
print(f"OS: {manifest.operating_system}")
```
### Update Manifest Properties
```python
from azure.containerregistry import ArtifactManifestProperties
client.update_manifest_properties(
"my-image",
"latest",
properties=ArtifactManifestProperties(
can_delete=False,
can_write=False
)
)
```
### Delete Manifest
```python
# Delete by digest
client.delete_manifest("my-image", "sha256:abc123...")
# Delete by tag
manifest = client.get_manifest_properties("my-image", "old-tag")
client.delete_manifest("my-image", manifest.digest)
```
## Tag Operations
### Get Tag Properties
```python
tag = client.get_tag_properties("my-image", "latest")
print(f"Digest: {tag.digest}")
print(f"Created: {tag.created_on}")
```
### Delete Tag
```python
client.delete_tag("my-image", "old-tag")
```
## Upload and Download Artifacts
```python
from azure.containerregistry import ContainerRegistryClient
client = ContainerRegistryClient(endpoint, DefaultAzureCredential())
# Download manifest
manifest = client.download_manifest("my-image", "latest")
print(f"Media type: {manifest.media_type}")
print(f"Digest: {manifest.digest}")
# Download blob
blob = client.download_blob("my-image", "sha256:abc123...")
with open("layer.tar.gz", "wb") as f:
for chunk in blob:
f.write(chunk)
```
## Async Client
```python
from azure.containerregistry.aio import ContainerRegistryClient
from azure.identity.aio import DefaultAzureCredential
async def list_repos():
credential = DefaultAzureCredential()
client = ContainerRegistryClient(endpoint, credential)
async for repo in client.list_repository_names():
print(repo)
await client.close()
await credential.close()
```
## Clean Up Old Images
```python
from datetime import datetime, timedelta, timezone
cutoff = datetime.now(timezone.utc) - timedelta(days=30)
for manifest in client.list_manifest_properties("my-image"):
if manifest.last_updated_on < cutoff and not manifest.tags:
print(f"Deleting {manifest.digest}")
client.delete_manifest("my-image", manifest.digest)
```
## Client Operations
| Operation | Description |
|-----------|-------------|
| `list_repository_names` | List all repositories |
| `get_repository_properties` | Get repository metadata |
| `delete_repository` | Delete repository and all images |
| `list_tag_properties` | List tags in repository |
| `get_tag_properties` | Get tag metadata |
| `delete_tag` | Delete specific tag |
| `list_manifest_properties` | List manifests in repository |
| `get_manifest_properties` | Get manifest metadata |
| `delete_manifest` | Delete manifest by digest |
| `download_manifest` | Download manifest content |
| `download_blob` | Download layer blob |
## Best Practices
1. **Use Entra ID** for authentication in production
2. **Delete by digest** not tag to avoid orphaned images
3. **Lock production images** with can_delete=False
4. **Clean up untagged manifests** regularly
5. **Use async client** for high-throughput operations
6. **Order by last_updated** to find recent/old images
7. **Check manifest.tags** before deleting to avoid removing tagged images