Add support for environment variable secrets

Env var secrets are env vars that are set inside the container but not
commited to and image. Also support reading from env var when creating a
secret.

Signed-off-by: Ashley Cui <acui@redhat.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 2f623bf10..dcacb3780 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -397,6 +397,11 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
 	if len(s.Secrets) != 0 {
 		options = append(options, libpod.WithSecrets(s.Secrets))
 	}
+
+	if len(s.EnvSecrets) != 0 {
+		options = append(options, libpod.WithEnvSecrets(s.EnvSecrets))
+	}
+
 	if len(s.DependencyContainers) > 0 {
 		deps := make([]*libpod.Container, 0, len(s.DependencyContainers))
 		for _, ctr := range s.DependencyContainers {
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index e3d4b1436..4d89f72e4 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -175,6 +175,9 @@ type ContainerBasicConfig struct {
 	// set tags as `json:"-"` for not supported remote
 	// Optional.
 	PidFile string `json:"-"`
+	// EnvSecrets are secrets that will be set as environment variables
+	// Optional.
+	EnvSecrets map[string]string `json:"secret_env,omitempty"`
 }
 
 // ContainerStorageConfig contains information on the storage configuration of a