.nh
.TH podman-secret-create 1
.SH NAME
.PP
podman-secret-create - Create a new secret
.SH SYNOPSIS
.PP
\fBpodman secret create\fP [\fIoptions\fP] \fIname\fP \fIfile|-\fP
.SH DESCRIPTION
.PP
Creates a secret using standard input or from a file for the secret content.
.PP
Create accepts a path to a file, or \fB-\fR, which tells podman to read the secret from stdin.
.PP
A secret is a blob of sensitive data which a container needs at runtime but is not stored in the image or in source control, such as usernames and passwords, TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
.PP
Secrets are not committed to an image with \fBpodman commit\fR, and are not included in the archive created by a \fBpodman export\fR command.
.PP
Secrets can also be used to store passwords for \fBpodman login\fR to authenticate against container registries.
.SH OPTIONS
.SS \fB--driver\fP, \fB-d\fP=\fIdriver\fP
.PP
Specify the secret driver (default \fBfile\fP).
.SS \fB--driver-opts\fP=\fIkey1=val1,key2=val2\fP
.PP
Specify driver specific options.
.SS \fB--env\fP=\fIfalse\fP
.PP
Read secret data from environment variable.
.SS \fB--help\fP
.PP
Print usage statement.
.SS \fB--label\fP, \fB-l\fP=\fIkey=val1,key2=val2\fP
.PP
Add label to secret. These labels can be viewed in podman secret inspect or ls.
.SS \fB--replace\fP=\fIfalse\fP
.PP
If a secret with the same name already exists, update the secret.
The \fB--replace\fR option does not change secrets within existing containers, only newly created containers.
The default is \fBfalse\fP\&.
.SH SECRET DRIVERS
.SS file
.PP
Secret resides in a read-protected file.
.SS pass
.PP
Secret resides in a GPG-encrypted file.
.SS shell
.PP
Secret is managed by custom scripts. An environment variable \fBSECRET_ID\fP is passed to the scripts (except for \fBlist\fP), and secrets are communicated via stdin/stdout (where applicable).
Driver options \fBlist\fP, \fBlookup\fP, \fBstore\fP, and \fBdelete\fP serve to install the scripts:
.EX
[secrets]
driver = "shell"

[secrets.opts]
list =
lookup =
store =
delete =
.EE
.SH EXAMPLES
.EX
$ podman secret create my_secret ./secret.json

$ podman secret create --driver=file my_secret ./secret.json

$ printf | podman secret create my_secret -
.EE
.SH SEE ALSO
.PP
\fBpodman(1)\fP, \fBpodman-secret(1)\fP, \fBpodman-login(1)\fP
.SH HISTORY
.PP
January 2021, Originally compiled by Ashley Cui acui@redhat.com \[la]mailto:acui@redhat.com\[ra]
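.PP
An added example, not part of the podman documentation: one POSIX shell script that could back the four hooks of the \fBshell\fP driver described under SECRET DRIVERS. It assumes \fBstore\fP receives the secret on stdin, \fBlookup\fP writes it to stdout, and \fBlist\fP prints one ID per line; SECRET_STORE_DIR, the function names and the ID character set are hypothetical.

```shell
#!/bin/sh
# Added example: one backend for the shell driver's four hooks.
# SECRET_STORE_DIR is a hypothetical variable, not a podman setting.
SECRET_STORE_DIR="${SECRET_STORE_DIR:-$HOME/.local/share/example-secrets}"

# Reject IDs that are empty or could escape the store directory
# (assumed character set: letters, digits, underscore, hyphen).
check_id() {
    case "$SECRET_ID" in
        ""|*[!A-Za-z0-9_-]*) echo "invalid SECRET_ID" >&2; return 1 ;;
    esac
}

# Create the store directory readable by the owner only.
init_store() {
    ( umask 077 && mkdir -p "$SECRET_STORE_DIR" )
}

# store: secret bytes arrive on stdin; write 0600, then rename atomically.
secret_store() {
    check_id && init_store || return 1
    ( umask 077
      tmp=$(mktemp "$SECRET_STORE_DIR/.tmp.XXXXXX") || exit 1
      cat > "$tmp" && mv "$tmp" "$SECRET_STORE_DIR/$SECRET_ID" )
}

# lookup: secret bytes leave on stdout; fail if the ID is unknown.
secret_lookup() {
    check_id || return 1
    [ -f "$SECRET_STORE_DIR/$SECRET_ID" ] || return 1
    cat "$SECRET_STORE_DIR/$SECRET_ID"
}

# delete: remove the secret named by SECRET_ID.
secret_delete() {
    check_id || return 1
    rm -f "$SECRET_STORE_DIR/$SECRET_ID"
}

# list: no SECRET_ID is passed; print one stored ID per line.
secret_list() {
    [ -d "$SECRET_STORE_DIR" ] || return 0
    ls "$SECRET_STORE_DIR"
}

# Dispatch when run as: script list|lookup|store|delete
case "${1:-}" in
    list|lookup|store|delete) "secret_$1" ;;
esac
```

The secret never appears in arguments or the environment, only on stdin and stdout, so it stays out of process listings.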