From 832a69b0bee6ec289521fbd59ddd480372493ee3 Mon Sep 17 00:00:00 2001 From: Ashley Cui Date: Fri, 15 Jan 2021 01:27:23 -0500 Subject: Implement Secrets Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui --- pkg/specgen/generate/container_create.go | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'pkg/specgen/generate/container_create.go') diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 1bc050b00..74291325c 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -359,6 +359,10 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen. options = append(options, libpod.WithHealthCheck(s.ContainerHealthCheckConfig.HealthConfig)) logrus.Debugf("New container has a health check") } + + if len(s.Secrets) != 0 { + options = append(options, libpod.WithSecrets(s.Secrets)) + } return options, nil } -- cgit v1.2.3-54-g00ecf