podman logout: Clear Registry Credentials
podman logout deletes the cached credentials for a registry so they are not reused or left behind.
A tidy CI job logs out at the end so no auth token lingers on a shared or cached runner. podman logout --all wipes every stored credential.
What it does
podman logout removes the saved credentials for the named registry from the auth file. With --all it clears credentials for every registry. It is the cleanup counterpart to podman login.
Common usage
podman logout ghcr.io
podman logout --all
podman logout --authfile /tmp/auth.json registry.example.comOptions
| Flag | What it does |
|---|---|
| <registry> | Registry to log out of |
| -a, --all | Remove credentials for all registries |
| --authfile <path> | Operate on a specific auth file |
In CI
On persistent or cached self-hosted runners, run podman logout --all (or delete the job-scoped --authfile) at the end so a later job cannot reuse this job credentials. On ephemeral runners it is optional but harmless.
Common errors in CI
"Error: not logged into <registry>: existing credentials not found" means there was nothing cached for that host, often because login wrote to a different --authfile than logout is reading. Point both at the same file. Logging out does not invalidate the token itself; rotate the secret if it may have leaked.