diff --git a/pkg/image/oci/registry_provider.go b/pkg/image/oci/registry_provider.go
index 99054635..55b1b4f3 100644
--- a/pkg/image/oci/registry_provider.go
+++ b/pkg/image/oci/registry_provider.go
@@ -78,13 +78,6 @@ func prepareReferenceOptions(registryOptions *image.RegistryOptions) []name.Opti
 }
 
 func prepareRemoteOptions(ref name.Reference, registryOptions *image.RegistryOptions) (opts []remote.Option) {
-	if registryOptions == nil {
-		// use the Keychain specified from a docker config file.
-		log.Debugf("no registry credentials configured, using the default keychain")
-		opts = append(opts, remote.WithAuthFromKeychain(authn.DefaultKeychain))
-		return
-	}
-
 	if registryOptions.InsecureSkipTLSVerify {
 		t := &http.Transport{
 			// nolint: gosec
@@ -98,6 +91,10 @@ func prepareRemoteOptions(ref name.Reference, registryOptions *image.RegistryOpt
 	authenticator := registryOptions.Authenticator(ref.Context().RegistryStr())
 	if authenticator != nil {
 		opts = append(opts, remote.WithAuth(authenticator))
+	} else {
+		// use the Keychain specified from a docker config file.
+		log.Debugf("no registry credentials configured, using the default keychain")
+		opts = append(opts, remote.WithAuthFromKeychain(authn.DefaultKeychain))
 	}
 
 	return
diff --git a/pkg/image/source_test.go b/pkg/image/source_test.go
index 7e8f6282..5cb828ea 100644
--- a/pkg/image/source_test.go
+++ b/pkg/image/source_test.go
@@ -21,6 +21,12 @@ func TestDetectSource(t *testing.T) {
 		tarPath          string
 		tarPaths         []string
 	}{
+		{
+			name:             "podman-engine",
+			input:            "podman:something:latest",
+			source:           PodmanDaemonSource,
+			expectedLocation: "something:latest",
+		},
 		{
 			name:             "docker-archive",
 			input:            "docker-archive:a/place.tar",