Podman - generate ENV vars with secrets from file

Question

Podman allows the use of a secret. This allows you to pass sensitive values, like credentials or API keys, to a container while running it, but excludes them from commits or exports.

So far I've been using the following format to include a config file with credentials as a secret config file within the container.

podman secret create my_creds /path/to/my/credfile.txt
podman run ... --secret=my_creds,mode=0400 ... container --credentials /run/secrets/my_creds

But now I'm confronted with a container that forces me to either include the credentials in a big config file (which I don't want to fully store in a secret) or via environment variables.

Podman does have an option to import secrets into a container as environment variables. However, the list of credentials I need to import is quite large, so I'd need to add quite a lot of lines creating secrets in my service file.

So my question now is: is there a way to take a file containing secrets stored as KEY=VALUE and import each line as a secret env variable in a podman container?

EDIT:

Currently I hacked together the following solution

ExecStartPre=-for l in $(cat /path/to/my/credfile.txt); do \
              echo $l | cut -d'=' -f 2 | /usr/bin/podman secret create $(echo $l | cut -d'=' -f 1 -) -; done


ExecStopPost=-for l in $(cat /path/to/my/credfile.txt); do \
              /usr/bin/podman secret rm $(echo $l | cut -d'=' -f 1 -); done

I still need to manually add all the --secret=SECRET_NAME,type=env params.

Podman - generate ENV vars with secrets from file

Answers (1)

Related Questions