tldr; Some cool things you can do with Zarf that are not strictly Zarf related.


In a resource and tool constrained environment, you use the tools you have in a variety of ways they were not strictly designed for (like connecting a tablet to a video transcoder then sending that video feed across a mesh networked radio link to a receiver a kilometer away on a rooftop to hook into a fiber network to stream realtime drone footage to a command center).

In the same vein, Zarf has a variety of features that are not strictly single purpose.

zarf prepare sha256sum

This command will generate a sha256sum file for a given file (just like the sha256sum command). This is useful for verifying the integrity of a file after it has been transferred to another system (if you brought the checksum with you).

zarf tools

Zarf comes pre-loaded with a bunch of utilities and vendored CLIs. You can see the full list with zarf tools. You can also run any of these tools directly from Zarf with zarf run <tool> <args>.

  • crane (alias:registry)
  • kubectl/wait-for
  • k9s (alias:monitor)
  • archiver

Some tools like kubectl and k9s require no explanation, but others are less obvious.


Crane's docs

crane is a CLI for interacting with container registries. It can be used to push and pull images to and from registries, but it can also be used to inspect registries and their contents (as well as log into them w/ zarf tools registry login).


Archiver's docs

archiver is a CLI+library for interacting with archives. It can be used to create and extract archives of various formats (tar, zip, etc).


# unpack a zarf package to do some manual inspection
$ zarf tools archiver decompress zarf-package-cool-arm64-0.0.1.tar.zst cool-unpacked

$ rm zarf-package-cool-arm64-0.0.1.tar.zst

# re-pack it up (note the `/.` at the end, this is to ensure the archive is created with the correct root)
$ zarf tools archiver compress cool-unpacked/. cool-arm64-0.0.1.tar.zst

Zarf as a script runner

It is worth mentioning that in essense, Zarf component actions are really just scripts w/ some special sauce cooked up by Jeff.

If you really wanted to, you could define a component or even package that just contains scripts and run them with zarf package deploy <path> --components=<script-name>.

You could also define a package or a component that is only scripts and wait-for actions and create a deployment validator for a non Zarf deployment (with wait-for and kubectl available nearly nothing is out of reach).

Zarf as a package manager

Technically with the advent of publishing packages to a registry, Zarf is a package manager. Using the files noun, you can pull packages from a registry with zarf package pull <ref>, then you could use zarf tools archiver decompress to unpack the package and move things manually, or setup an install (onDeploy) action to do it for you.

This means that if you have access to a OCI registry, you can move files around with Zarf (dont't forget to take advantage of upload/download concurrency w/ the --oci-concurrency <n> flag).


Zarf is a project that will keep on giving. While I do not condone some of the things I have mentioned in this post, I do think it is important to understand the full scope of what Zarf is capable of, and understand that any tool used in the right way can be a force multiplier in ways the Zarf team never intended.

It's not a bug, it's an unintended cost-free feature.