
In each options/foo.md, keep a list of where the option is used. This will be valuable to anyone making future edits, and to those reviewing those edits.

This may be a controversial commit, because those crossref lists are autogenerated as a side effect of the script that reads them. It definitely violates POLA. And one day, some kind person will reconcile (e.g.) --label, using it in more man pages, and maybe forget to git-commit the rewritten file, and CI will fail.

I think this is a tough tradeoff, but worth doing. Without this, it's much too easy for someone to change an option file in a way that renders it inapplicable/misleading for some podman commands.

Signed-off-by: Ed Santiago <santiago@redhat.com>
####> This option file is used in:
####> podman create, run
####> If you edit this file, make sure your changes
####> are applicable to all of those.
--secret=secret[,opt=opt ...]
Give the container access to a secret. Can be specified multiple times.
A secret is a blob of sensitive data which a container needs at runtime but should not be stored in the image or in source control, such as usernames and passwords, TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
When secrets are specified as type mount, the secrets are copied and mounted into the container when a container is created.
When secrets are specified as type env, the secret will be set as an environment variable within the container.
Secrets are written in the container at the time of container creation, and modifying the secret using podman secret commands after the container is created will not affect the secret inside the container.
Secrets and their storage are managed using the podman secret command.
Secret Options
type=mount|env : How the secret will be exposed to the container. Default mount.
target=target : Target of secret. Defaults to secret name.
uid=0 : UID of secret. Defaults to 0. Mount secret type only.
gid=0 : GID of secret. Defaults to 0. Mount secret type only.
mode=0 : Mode of secret. Defaults to 0444. Mount secret type only.