github.com/containers/podman/v5@v5.1.0-rc1/docs/source/markdown/podman-secret-create.1.md

     1  % podman-secret-create 1
     2  
     3  ## NAME
     4  podman\-secret\-create - Create a new secret
     5  
     6  ## SYNOPSIS
     7  **podman secret create** [*options*] *name* *file|-*
     8  
     9  ## DESCRIPTION
    10  
    11  Creates a secret using standard input or from a file for the secret content.
    12  
    13  Create accepts a path to a file, or `-`, which tells podman to read the secret from stdin.
    14  
    15  A secret is a blob of sensitive data which a container needs at runtime but
    16  is not stored in the image or in source control, such as usernames and passwords,
    17  TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
    18  
    19  Secrets are not committed to an image with `podman commit`, and are not included in the archive created by a `podman export` command.
    20  
    21  Secrets can also be used to store passwords for `podman login` to authenticate against container registries.
    22  
    23  ## OPTIONS
    24  
    25  #### **--driver**, **-d**=*driver*
    26  
    27  Specify the secret driver (default **file**).
    28  
    29  #### **--driver-opts**=*key1=val1,key2=val2*
    30  
    31  Specify driver specific options.
    32  
    33  #### **--env**=*false*
    34  
    35  Read secret data from environment variable.
    36  
    37  #### **--help**
    38  
    39  Print usage statement.
    40  
    41  #### **--label**, **-l**=*key=val1,key2=val2*
    42  
    43  Add label to secret. These labels can be viewed in `podman secret inspect` or `podman secret ls`.
    44  
    45  #### **--replace**=*false*
    46  
    47  If a secret with the same name already exists, update the secret.
    48  The `--replace` option does not change secrets within existing containers, only newly created containers.
    49  The default is **false**.
    50  
    51  ## SECRET DRIVERS
    52  
    53  #### file
    54  
    55  Secret resides in a read-protected file.
    56  
    57  #### pass
    58  
    59  Secret resides in a GPG-encrypted file.
    60  
    61  #### shell
    62  
    63  Secret is managed by custom scripts. An environment variable **SECRET_ID**
    64  is passed to the scripts (except for **list**), and secrets are communicated
    65  via stdin/stdout (where applicable). Driver options **list**, **lookup**,
    66  **store**, and **delete** serve to install the scripts:
    67  
    68  ```
    69  [secrets]
    70  driver = "shell"
    71  
    72  [secrets.opts]
    73  list =
    74  lookup =
    75  store =
    76  delete =
    77  ```
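
The shell driver contract described above, sketched as an added example (not code from the podman project): one script that implements all four operations against a directory of owner-only files. `SECRET_DIR`, the function names, the alphanumeric check on **SECRET_ID** and the one-ID-per-line output of **list** are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: a minimal backend for the "shell" secret driver.
# SECRET_DIR is a hypothetical location chosen for this sketch.
SECRET_DIR="${SECRET_DIR:-$HOME/.local/share/example-secrets}"

# Reject IDs that could escape SECRET_DIR (assumes IDs are alphanumeric).
valid_id() {
    case "${SECRET_ID:-}" in
        ''|*[!A-Za-z0-9]*) echo "invalid SECRET_ID" >&2; return 1 ;;
    esac
}

# store: secret bytes arrive on stdin; the file is created owner-only.
secret_store() {
    valid_id || return 1
    ( umask 077 && mkdir -p "$SECRET_DIR" && cat > "$SECRET_DIR/$SECRET_ID" )
}

# lookup: secret bytes are written to stdout.
secret_lookup() {
    valid_id || return 1
    cat "$SECRET_DIR/$SECRET_ID"
}

# delete: remove the stored blob.
secret_delete() {
    valid_id || return 1
    rm -f "$SECRET_DIR/$SECRET_ID"
}

# list: no SECRET_ID is passed; print one ID per line (assumed format).
secret_list() {
    [ -d "$SECRET_DIR" ] || return 0
    ls -1 "$SECRET_DIR"
}

# Dispatch when invoked with an operation name as the first argument.
case "${1:-}" in
    list|lookup|store|delete) "secret_$1" ;;
esac
```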
    78  
    79  ## EXAMPLES
    80  
    81  Create the specified secret based on a local file.
    82  ```
    83  $ echo -n mysecret > ./secret.txt
    84  $ podman secret create my_secret ./secret.txt
    85  ```
    86  
    87  Create the specified secret via stdin.
    88  ```
    89  $ printf '%s' '<secret>' | podman secret create my_secret -
    90  ```
    91  
    92  Create a GPG-encrypted secret based on a local file using the pass driver.
    93  ```
    94  $ podman secret create --driver=pass my_secret ./secret.txt.gpg
    95  ```
    96  
    97  Create a secret from an environment variable called 'MYSECRET'.
    98  ```
    99  $ podman secret create --env=true my_secret MYSECRET
   100  ```
   101  
   102  ## SEE ALSO
   103  **[podman(1)](podman.1.md)**, **[podman-secret(1)](podman-secret.1.md)**, **[podman-login(1)](podman-login.1.md)**
   104  
   105  ## HISTORY
   106  January 2021, Originally compiled by Ashley Cui <acui@redhat.com>
   107  February 2024, Added example showing secret creation from an environment variable by Brett Calliss <brett@obligatory.email>