author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2021-05-07 05:34:26 -0400
committer: GitHub <noreply@github.com> 2021-05-07 05:34:26 -0400
commit: 141ba94f9735d88a494f252ad7aa78fd4b86d8ea
tree: 6381cf512d4e9d99747e90004d4be024036687d8 /docs/source/markdown
parent: 41ac68d197b53f3c151b81e2eddbc00bcf1a117f
parent: 2634cb234f1500b76a2fd89351b9ad8a737a24ea
Merge pull request #10221 from ashley-cui/envsec
Add support for environment variable secrets
Diffstat (limited to 'docs/source/markdown')
-rw-r--r-- docs/source/markdown/podman-create.1.md | 17
-rw-r--r-- docs/source/markdown/podman-run.1.md | 17
-rw-r--r-- docs/source/markdown/podman-secret-create.1.md | 4
3 files changed, 26 insertions, 12 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index bd2aab4c2..d59793f28 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -840,7 +840,7 @@ Specify the policy to select the seccomp profile. If set to *image*, Podman will
Note that this feature is experimental and may change in the future.
-#### **\-\-secret**=*secret*
+#### **\-\-secret**=*secret*[,opt=opt ...]
Give the container access to a secret. Can be specified multiple times.
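Review bot: the new heading `#### **\-\-secret**=*secret*[,opt=opt ...]` uses `opt=opt` for both key and value and leaves it unitalicised, unlike the `*secret*` placeholder next to it. Something like `[,*opt=value* ...]` would read more clearly, and the unchanged sentence "Give the container access to a secret." could mention that the options are listed under "Secret Options" so readers know where the bracketed part is explained.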
@@ -848,12 +848,17 @@ A secret is a blob of sensitive data which a container needs at runtime but
should not be stored in the image or in source control, such as usernames and passwords,
TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
-Secrets are copied and mounted into the container when a container is created. If a secret is deleted using
-`podman secret rm`, the container will still have access to the secret. If a secret is deleted and
-another secret is created with the same name, the secret inside the container will not change; the old
-secret value will still remain.
+When secrets are specified as type `mount`, the secrets are copied and mounted into the container when a container is created.
+When secrets are specified as type `env`, the secret will be set as an environment variable within the container.
+Secrets are written in the container at the time of container creation, and modifying the secret using `podman secret` commands
+after the container is created will not affect the secret inside the container.
-Secrets are managed using the `podman secret` command.
+Secrets and its storage are managed using the `podman secret` command.
+
+Secret Options
+
+- `type=mount|env` : How the secret will be exposed to the container. Default mount.
+- `target=target` : Target of secret. Defauts to secret name.
#### **\-\-security-opt**=*option*
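Review bot: two wording errors in the added lines should be fixed before this lands in a man page: "Defauts to secret name." is a typo for "Defaults", and "Secrets and its storage are managed" has a number mismatch ("Secrets and their storage"). "Secret Options" is also added as a bare line rather than in the bold or heading style the rest of the page uses, so it will render as an ordinary paragraph; and "Default mount." would be clearer as "Defaults to `mount`." to match the wording of the `target` bullet.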
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 0c412c2a6..0ab8f04db 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -892,7 +892,7 @@ Specify the policy to select the seccomp profile. If set to *image*, Podman will
Note that this feature is experimental and may change in the future.
-#### **\-\-secret**=*secret*
+#### **\-\-secret**=*secret*[,opt=opt ...]
Give the container access to a secret. Can be specified multiple times.
@@ -900,12 +900,17 @@ A secret is a blob of sensitive data which a container needs at runtime but
should not be stored in the image or in source control, such as usernames and passwords,
TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
-Secrets are copied and mounted into the container when a container is created. If a secret is deleted using
-`podman secret rm`, the container will still have access to the secret. If a secret is deleted and
-another secret is created with the same name, the secret inside the container will not change; the old
-secret value will still remain.
+When secrets are specified as type `mount`, the secrets are copied and mounted into the container when a container is created.
+When secrets are specified as type `env`, the secret will be set as an environment variable within the container.
+Secrets are written in the container at the time of container creation, and modifying the secret using `podman secret` commands
+after the container is created will not affect the secret inside the container.
-Secrets are managed using the `podman secret` command
+Secrets and its storage are managed using the `podman secret` command.
+
+Secret Options
+
+- `type=mount|env` : How the secret will be exposed to the container. Default mount.
+- `target=target` : Target of secret. Defauts to secret name.
#### **\-\-security-opt**=*option*
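Review bot: the `target=target` bullet ("Target of secret.") does not say what the target is for each type, so a reader cannot tell from this text whether it names the mounted file, the environment variable, or both. Please spell that out per type, since the default ("secret name") then determines the variable name a `type=env` secret gets. The rewrite also drops the explicit statement that a container keeps its copy after `podman secret rm` or after a same-named secret is recreated; "modifying the secret" does not obviously cover removal, so keeping one sentence on that case would help operators who rotate or revoke secrets. The "Defauts" typo and "Secrets and its storage" appear here as well as in podman-create.1.md.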
diff --git a/docs/source/markdown/podman-secret-create.1.md b/docs/source/markdown/podman-secret-create.1.md
index f5a97a0f3..7aacca3fe 100644
--- a/docs/source/markdown/podman-secret-create.1.md
+++ b/docs/source/markdown/podman-secret-create.1.md
@@ -20,6 +20,10 @@ Secrets will not be committed to an image with `podman commit`, and will not be
## OPTIONS
+#### **\-\-env**=*false*
+
+Read secret data from environment variable
+
#### **\-\-driver**=*driver*
Specify the secret driver (default **file**, which is unencrypted).
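Review bot: the description for `--env` ("Read secret data from environment variable") does not say which variable is read or where its name is given on the command line, and the heading `**\-\-env**=*false*` shows only the default. Please state how the variable name is supplied and add the trailing period to match the other option descriptions. Since the context line right below notes that the default **file** driver is unencrypted, it may also be worth saying here that a secret read from the environment is stored by that same driver.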