I have a question. When I use the following command to encrypt the original oci:alpine image and push it to oci:alpine-encrypted, will there be cache information of the oci:alpine image on the server that executes the skopeo command? For example, if the image is particularly large and has several gigabytes, will it also occupy several gigabytes of space on my server?

skopeo copy --insecure-policy --encryption-key provider:attestation-agent:84688df7-2c0c-40fa-956b-29d8e74d16c0 docker://ip:port/oci:alpine  docker://ip:port/oci:alpine-encrypted 

When I execute the above command, the following content will be output

Getting image source signatures
Copying blob 0024a2c530b4 done
Copying blob 9daale3d26a2 done
Copying blob 1156fddcca03i done
Copying blob b9b561b89b56 done
Copying blob 9072dc418be4done
Copying blob b3e1db0c74bc done
Copying blob 04acd16dbba4 done
Copying blob b5f1db7bb739 done
Copying blob e2dd0a668fb3done
Copying blob 9345ba057d72done
Copying blob f1d0b65d3975 done
Copying blob 20a511e2ca62done
Copying blob bee6f4a3f3f6done
Copying blob 9b27e879ca89done
Copying blob 7716377871addone
Copying blob fd49f7266ee9done
Copying config 94fb65a5fe [======]10Kb
Writing manifest to image destination
Storing signatures

I see that the log output includes Copying and Writing, so I have a feeling that the image will be copied to the local first.

Thanks for reaching out.

That should be a streaming copy, with minimal memory requirements (a few megabytes, for compression buffers, at most) and ~zero disk writes. (There may remain a metadata record in local files, so it is not exactly zero disk writes, but the cost should be pretty trivial, on the order of kilobytes.)

thanks for your answer