aboutsummaryrefslogtreecommitdiff
path: root/docs/source/markdown
diff options
context:
space:
mode:
authorAshley Cui <acui@redhat.com>2021-01-15 01:27:23 -0500
committerAshley Cui <acui@redhat.com>2021-02-09 09:13:21 -0500
commit832a69b0bee6ec289521fbd59ddd480372493ee3 (patch)
tree4c8a14b7fad879dc454c37f8b59120cf74ceafd1 /docs/source/markdown
parent2aaf631586e82192e6b7b992e6b5c8717eb792d7 (diff)
downloadpodman-832a69b0bee6ec289521fbd59ddd480372493ee3.tar.gz
podman-832a69b0bee6ec289521fbd59ddd480372493ee3.tar.bz2
podman-832a69b0bee6ec289521fbd59ddd480372493ee3.zip
Implement Secrets
Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'docs/source/markdown')
-rw-r--r--docs/source/markdown/podman-create.1.md12
-rw-r--r--docs/source/markdown/podman-run.1.md10
-rw-r--r--docs/source/markdown/podman-secret-create.1.md43
-rw-r--r--docs/source/markdown/podman-secret-inspect.1.md38
-rw-r--r--docs/source/markdown/podman-secret-ls.1.md30
-rw-r--r--docs/source/markdown/podman-secret-rm.1.md33
-rw-r--r--docs/source/markdown/podman-secret.1.md25
-rw-r--r--docs/source/markdown/podman.1.md1
8 files changed, 191 insertions, 1 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 1d72db065..7782949a9 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -825,6 +825,16 @@ Specify the policy to select the seccomp profile. If set to *image*, Podman will
Note that this feature is experimental and may change in the future.
+#### **--secret**=*secret*
+
+Give the container access to a secret. Can be specified multiple times.
+
+A secret is a blob of sensitive data which a container needs at runtime but
+should not be stored in the image or in source control, such as usernames and passwords,
+TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
+
+Secrets are managed using the `podman secret` command.
+
#### **--security-opt**=*option*
Security Options
@@ -1277,7 +1287,7 @@ b
NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
## SEE ALSO
-**podman**(1), **podman-save**(1), **podman-ps**(1), **podman-attach**(1), **podman-pod-create**(1), **podman-port**(1), **podman-kill**(1), **podman-stop**(1),
+**podman**(1), **podman-secret**(1), **podman-save**(1), **podman-ps**(1), **podman-attach**(1), **podman-pod-create**(1), **podman-port**(1), **podman-kill**(1), **podman-stop**(1),
**podman-generate-systemd**(1) **podman-rm**(1), **subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1), **proc**(5)**.
## HISTORY
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 0838dd546..49b45f4f8 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -877,6 +877,16 @@ Specify the policy to select the seccomp profile. If set to *image*, Podman will
Note that this feature is experimental and may change in the future.
+#### **--secret**=*secret*
+
+Give the container access to a secret. Can be specified multiple times.
+
+A secret is a blob of sensitive data which a container needs at runtime but
+should not be stored in the image or in source control, such as usernames and passwords,
+TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
+
+Secrets are managed using the `podman secret` command
+
#### **--security-opt**=*option*
Security Options
diff --git a/docs/source/markdown/podman-secret-create.1.md b/docs/source/markdown/podman-secret-create.1.md
new file mode 100644
index 000000000..af4dc1d97
--- /dev/null
+++ b/docs/source/markdown/podman-secret-create.1.md
@@ -0,0 +1,43 @@
+% podman-secret-create(1)
+
+## NAME
+podman\-secret\-create - Create a new secret
+
+## SYNOPSIS
+**podman secret create** [*options*] *name* *file|-*
+
+## DESCRIPTION
+
+Creates a secret using standard input or from a file for the secret content.
+
+Create accepts a path to a file, or `-`, which tells podman to read the secret from stdin
+
+A secret is a blob of sensitive data which a container needs at runtime but
+should not be stored in the image or in source control, such as usernames and passwords,
+TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
+
+Secrets will not be commited to an image with `podman commit`, and will not be in the archive created by a `podman export`
+
+## OPTIONS
+
+#### **--driver**=*driver*
+
+Specify the secret driver (default **file**, which is unencrypted).
+
+#### **--help**
+
+Print usage statement.
+
+## EXAMPLES
+
+```
+$ podman secret create my_secret ./secret.json
+$ podman secret create --driver=file my_secret ./secret.json
+$ printf <secret> | podman secret create my_secret -
+```
+
+## SEE ALSO
+podman-secret (1)
+
+## HISTORY
+January 2021, Originally compiled by Ashley Cui <acui@redhat.com>
diff --git a/docs/source/markdown/podman-secret-inspect.1.md b/docs/source/markdown/podman-secret-inspect.1.md
new file mode 100644
index 000000000..383db8375
--- /dev/null
+++ b/docs/source/markdown/podman-secret-inspect.1.md
@@ -0,0 +1,38 @@
+% podman-secret-inspect(1)
+
+## NAME
+podman\-secret\-inspect - Display detailed information on one or more secrets
+
+## SYNOPSIS
+**podman secret inspect** [*options*] *secret* [...]
+
+## DESCRIPTION
+
+Inspects the specified secret.
+
+By default, this renders all results in a JSON array. If a format is specified, the given template will be executed for each result.
+Secrets can be queried individually by providing their full name or a unique partial name.
+
+## OPTIONS
+
+#### **--format**=*format*
+
+Format secret output using Go template.
+
+#### **--help**
+
+Print usage statement.
+
+
+## EXAMPLES
+
+```
+$ podman secret inspect mysecret
+$ podman secret inspect --format "{{.Name} {{.Scope}}" mysecret
+```
+
+## SEE ALSO
+podman-secret(1)
+
+## HISTORY
+January 2021, Originally compiled by Ashley Cui <acui@redhat.com>
diff --git a/docs/source/markdown/podman-secret-ls.1.md b/docs/source/markdown/podman-secret-ls.1.md
new file mode 100644
index 000000000..688784e05
--- /dev/null
+++ b/docs/source/markdown/podman-secret-ls.1.md
@@ -0,0 +1,30 @@
+% podman-secret-ls(1)
+
+## NAME
+podman\-secret\-ls - List all available secrets
+
+## SYNOPSIS
+**podman secret ls** [*options*]
+
+## DESCRIPTION
+
+Lists all the secrets that exist. The output can be formatted to a Go template using the **--format** option.
+
+## OPTIONS
+
+#### **--format**=*format*
+
+Format secret output using Go template.
+
+## EXAMPLES
+
+```
+$ podman secret ls
+$ podman secret ls --format "{{.Name}}"
+```
+
+## SEE ALSO
+podman-secret(1)
+
+## HISTORY
+January 2021, Originally compiled by Ashley Cui <acui@redhat.com>
diff --git a/docs/source/markdown/podman-secret-rm.1.md b/docs/source/markdown/podman-secret-rm.1.md
new file mode 100644
index 000000000..5169626dc
--- /dev/null
+++ b/docs/source/markdown/podman-secret-rm.1.md
@@ -0,0 +1,33 @@
+% podman-secret-rm(1)
+
+## NAME
+podman\-secret\-rm - Remove one or more secrets
+
+## SYNOPSIS
+**podman secret rm** [*options*] *secret* [...]
+
+## DESCRIPTION
+
+Removes one or more secrets.
+
+## OPTIONS
+
+#### **--all**, **-a**
+
+Remove all existing secrets.
+
+#### **--help**
+
+Print usage statement.
+
+## EXAMPLES
+
+```
+$ podman secret rm mysecret1 mysecret2
+```
+
+## SEE ALSO
+podman-secret(1)
+
+## HISTORY
+January 2021, Originally compiled by Ashley Cui <acui@redhat.com>
diff --git a/docs/source/markdown/podman-secret.1.md b/docs/source/markdown/podman-secret.1.md
new file mode 100644
index 000000000..125888cff
--- /dev/null
+++ b/docs/source/markdown/podman-secret.1.md
@@ -0,0 +1,25 @@
+% podman-secret(1)
+
+## NAME
+podman\-secret - Manage podman secrets
+
+## SYNOPSIS
+**podman secret** *subcommand*
+
+## DESCRIPTION
+podman secret is a set of subcommands that manage secrets.
+
+## SUBCOMMANDS
+
+| Command | Man Page | Description |
+| ------- | ------------------------------------------------------ | ------------------------------------------------------ |
+| create | [podman-secret-create(1)](podman-secret-create.1.md) | Create a new secret |
+| inspect | [podman-secret-inspect(1)](podman-secret-inspect.1.md) | Display detailed information on one or more secrets |
+| ls | [podman-secret-ls(1)](podman-secret-ls.1.md) | List all available secrets |
+| rm | [podman-secret-rm(1)](podman-secret-rm.1.md) | Remove one or more secrets |
+
+## SEE ALSO
+podman(1)
+
+## HISTORY
+January 2021, Originally compiled by Ashley Cui <acui@redhat.com>
diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
index 0bb8e387b..6f9e705c2 100644
--- a/docs/source/markdown/podman.1.md
+++ b/docs/source/markdown/podman.1.md
@@ -254,6 +254,7 @@ the exit codes follow the `chroot` standard, see below:
| [podman-run(1)](podman-run.1.md) | Run a command in a new container. |
| [podman-save(1)](podman-save.1.md) | Save image(s) to an archive. |
| [podman-search(1)](podman-search.1.md) | Search a registry for an image. |
+| [podman-secret(1)](podman-secret.1.md) | Manage podman secrets. |
| [podman-start(1)](podman-start.1.md) | Start one or more containers. |
| [podman-stats(1)](podman-stats.1.md) | Display a live stream of one or more container's resource usage statistics. |
| [podman-stop(1)](podman-stop.1.md) | Stop one or more running containers. |