
Podman - Secrets

Podman
  • Podman Secret

    root@debian-4gb-nbg1-2-forgejo:~# podman secret -h
    Manage secrets
    
    Description:
      Manage secrets
    
    Usage:
      podman secret [command]
    
    Available Commands:
      create      Create a new secret
      exists      Check if a secret exists in local storage
      inspect     Inspect a secret
      ls          List secrets
      rm          Remove one or more secrets
    

    I currently store the Postgres password there.

    root@debian-4gb-nbg1-2-forgejo:~# podman secret ls
    ID                         NAME               DRIVER      CREATED       UPDATED
    db7abf687e9f06da08026da49  POSTGRES_PASSWORD  file        22 hours ago  22 hours ago
    

    You can display the following information.

    root@debian-4gb-nbg1-2-forgejo:~# podman secret inspect POSTGRES_PASSWORD 
    [
        {
            "ID": "db7abf687e9f06da08026da49",
            "CreatedAt": "2025-03-02T08:42:10.916706314Z",
            "UpdatedAt": "2025-03-02T08:42:10.916706314Z",
            "Spec": {
                "Name": "POSTGRES_PASSWORD",
                "Driver": {
                    "Name": "file",
                    "Options": {
                        "path": "/var/lib/containers/storage/secrets/filedriver"
                    }
                },
                "Labels": {}
            }
        }
    ]
    

    The encrypted data is stored in the filesystem under /var/lib/containers/storage/secrets/filedriver.

    This is how you create one:

    podman secret create test /root/secrets/POSTGRES_PASSWORD.txt
    

    Then I would now have 2 secrets in the list.

    root@debian-4gb-nbg1-2-forgejo:~# podman secret ls
    ID                         NAME               DRIVER      CREATED         UPDATED
    2b8f7cc5e6aadce087f3b72b1  test               file        15 seconds ago  15 seconds ago
    db7abf687e9f06da08026da49  POSTGRES_PASSWORD  file        22 hours ago    22 hours ago
    

    And this is how you remove one:

    root@debian-4gb-nbg1-2-forgejo:~# podman secret rm test
    2b8f7cc5e6aadce087f3b72b1
    root@debian-4gb-nbg1-2-forgejo:~# podman secret ls
    ID                         NAME               DRIVER      CREATED       UPDATED
    db7abf687e9f06da08026da49  POSTGRES_PASSWORD  file        23 hours ago  23 hours ago
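
Added example, not part of the original post: a wrapper around the `podman secret create NAME FILE` call shown above that first checks the plaintext source file (such as /root/secrets/POSTGRES_PASSWORD.txt) and uses `podman secret exists` so an existing name is not reused by accident. The function names are hypothetical, and `stat -c` assumes GNU coreutils as on Debian.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before `podman secret create NAME FILE`.
# Function names are hypothetical, not part of Podman.

# Return 0 only if FILE is a regular file with no group/other permission bits.
secret_file_is_private() {
    local file=$1 perms
    [ -f "$file" ] || return 1
    perms=$(stat -c '%a' "$file") || return 1   # GNU stat, e.g. "600"
    case "$perms" in
        0|*00) return 0 ;;   # 600, 400, 700: owner-only access
        *)     return 1 ;;   # 640, 644, ...: group or others can access it
    esac
}

# Return 0 if the last byte of FILE is a newline. The file's bytes are stored
# as given, so an editor-added newline would become part of the password.
secret_file_has_trailing_newline() {
    [ "$(tail -c 1 "$1" | wc -l)" -eq 1 ]
}

# Create the secret only if the source file passes both checks and the
# name is not already taken. Return codes 2-4 identify the failed check.
create_secret_checked() {
    local name=$1 file=$2
    if ! secret_file_is_private "$file"; then
        echo "refusing: $file is missing or accessible by group/others" >&2
        return 2
    fi
    if secret_file_has_trailing_newline "$file"; then
        echo "refusing: $file ends with a newline" >&2
        return 3
    fi
    if podman secret exists "$name"; then
        echo "refusing: secret $name already exists" >&2
        return 4
    fi
    podman secret create "$name" "$file"
}
```

Called as `create_secret_checked test /root/secrets/POSTGRES_PASSWORD.txt`, it prints the new secret ID on success, exactly as the plain `podman secret create` does.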