Adding encryption decryption feature

Signed-off-by: Tarun1 Gupta <gupttaru@deshaw.com>
gupttaru
2022-08-18 20:26:48 +05:30
committed by Tarun1 Gupta
parent f50ce4aea4
commit 3bb9ed4f09
19 changed files with 391 additions and 8 deletions

@ -0,0 +1,7 @@
####> This option file is used in:
####> podman create, pull, run
####> If you edit this file, make sure your changes
####> are applicable to all of those.
#### **--decryption-key**=*key[:passphrase]*
The [key[:passphrase]] to be used for decryption of images. Key can point to keys and/or certificates. Decryption will be tried with all keys. If the key is protected by a passphrase, it is required to be passed in the argument and omitted otherwise.
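
Review bot: The description in this new option file requires the passphrase to be given inline as key:passphrase, and does not mention that this places the secret in the process argument list and in shell history; either document that exposure here or offer a way to supply the passphrase that does not go through the command line. The text also says "Decryption will be tried with all keys" without stating that the option can be repeated, and "Key can point to keys and/or certificates" should say whether key is a file path. The placeholder is bracketed differently in the heading (key[:passphrase]) and in the body ([key[:passphrase]]); pick one form.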

@ -114,6 +114,8 @@ and specified with a _tag_.
@@option cpuset-mems
@@option decryption-key
@@option device
Note: if the user only has access rights via a group, accessing the device

@ -57,6 +57,8 @@ All tagged images in the repository will be pulled.
@@option creds
@@option decryption-key
@@option disable-content-trust
#### **--help**, **-h**

@ -64,6 +64,14 @@ Note: This flag can only be set when using the **dir** transport
@@option disable-content-trust
#### **--encrypt-layer**=*layer(s)*
Layer(s) to encrypt: 0-indexed layer indices with support for negative indexing (e.g. 0 is the first layer, -1 is the last layer). If not defined, will encrypt all layers if encryption-key flag is specified.
#### **--encryption-key**=*key*
The [protocol:keyfile] specifies the encryption protocol, which can be JWE (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material required for image encryption. For instance, jwe:/path/to/key.pem or pgp:admin@example.com or pkcs7:/path/to/x509-file.
#### **--format**, **-f**=*format*
Manifest Type (oci, v2s2, or v2s1) to use when pushing an image.
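
Review bot: The --encrypt-layer description does not say how more than one layer is given (the placeholder is layer(s), but neither a separator nor repeating the flag is mentioned), and it leaves undefined what happens when --encrypt-layer is set without --encryption-key; state both. For --encryption-key, the heading placeholder is key while the body describes [protocol:keyfile], and the pgp:admin@example.com example is a recipient address rather than a key file, so the placeholder and the word "keyfile" should be changed to cover that case. "if encryption-key flag is specified" should read "if the **--encryption-key** flag is specified".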

@ -131,6 +131,8 @@ and specified with a _tag_.
@@option cpuset-mems
@@option decryption-key
#### **--detach**, **-d**
Detached mode: run the container in the background and print the new container ID. The default is *false*.