From 1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7 Mon Sep 17 00:00:00 2001 From: Ashley Cui Date: Tue, 31 Aug 2021 09:57:03 -0400 Subject: Make secret env var available to exec session Secret environment variables were only available to a podman run/start. This commit makes sure that exec sessions can see them as well. Signed-off-by: Ashley Cui --- libpod/oci_conmon_exec_linux.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'libpod') diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go index 469bc7d86..85ae95097 100644 --- a/libpod/oci_conmon_exec_linux.go +++ b/libpod/oci_conmon_exec_linux.go @@ -685,6 +685,19 @@ func prepareProcessExec(c *Container, options *ExecOptions, env []string, sessio pspec.Env = append(pspec.Env, env...) } + // Add secret envs if they exist + manager, err := c.runtime.SecretsManager() + if err != nil { + return nil, err + } + for name, secr := range c.config.EnvSecrets { + _, data, err := manager.LookupSecretData(secr.Name) + if err != nil { + return nil, err + } + pspec.Env = append(pspec.Env, fmt.Sprintf("%s=%s", name, string(data))) + } + if options.Cwd != "" { pspec.Cwd = options.Cwd } -- cgit v1.2.3-54-g00ecf