NAME¶ 名称
podman-secret-create - Create a new secret
podman-secret-create - 创建一个新的密钥
SYNOPSIS¶ 概要
podman secret create [options] name file|-
podman secret create [选项] 名称 文件|-
DESCRIPTION¶ 描述
Creates a secret using standard input or from a file for the secret content.
使用标准输入或从文件创建一个密钥以用于密钥内容。
Create accepts a path to a file, or -
, which tells podman to read the secret from stdin
Create 接受文件路径或 -
,告诉 podman 从标准输入读取秘密
A secret is a blob of sensitive data which a container needs at runtime but
is not stored in the image or in source control, such as usernames and passwords,
TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
秘密是容器在运行时需要但不存储在镜像或源代码控制中的敏感数据块,例如用户名和密码、TLS 证书和密钥、SSH 密钥或其他重要的通用字符串或二进制内容(最大 500 kb)。
Secrets are not committed to an image with podman commit
, and does not get committed in the archive created by a podman export
command.
秘密不会与 podman commit
一起提交到镜像中,并且不会在 podman export
命令创建的存档中提交。
Secrets can also be used to store passwords for podman login
to authenticate against container registries.
秘密还可以用于存储用于 podman login
对容器注册表进行身份验证的密码。
OPTIONS¶ 选项
--driver, -d=driver¶
Specify the secret driver (default file).
指定秘钥驱动程序(默认文件)。
--driver-opts=key1=val1,key2=val2¶
Specify driver specific options.
指定驱动程序特定选项。
--env=false¶
Read secret data from environment variable.
从环境变量中读取秘密数据。
--help¶ --帮助 ¶
Print usage statement. 打印使用说明。
--label, -l=key=val1,key2=val2¶
Add label to secret. These labels can be viewed in podman secrete inspect or ls.
将标签添加到秘密。这些标签可以在 podman secrete inspect 或 ls 中查看。
--replace=false¶
If existing secret with the same name already exists, update the secret.
The --replace
option does not change secrets within existing containers, only newly created containers.
The default is false.
如果同名的现有秘密已经存在,则更新该秘密。 --replace
选项不会更改现有容器中的秘密,只会更改新创建的容器中的秘密。默认值为 false。
SECRET DRIVERS¶ 秘密驱动程序 ¶
file¶ 文件 ¶
Secret resides in a read-protected file.
秘密驻留在受读保护的文件中。
pass¶ 通过
Secret resides in a GPG-encrypted file.
密钥存储在一个 GPG 加密的文件中。
shell¶ shell
Secret is managed by custom scripts. An environment variable SECRET_ID
is passed to the scripts (except for list), and secrets are communicated
via stdin/stdout (where applicable). Driver options list, lookup,
store, and delete serve to install the scripts:
机密由自定义脚本管理。将环境变量 SECRET_ID 传递给脚本(除了 list),并通过 stdin/stdout(适用时)进行机密通信。驱动程序选项 list、lookup、store 和 delete 用于安装脚本:
[secrets]
driver = "shell"
[secrets.opts]
list =
lookup =
store =
delete =
EXAMPLES¶ 示例
Create the specified secret based on local file.
基于本地文件创建指定的机密。
echo -n mysecret > ./secret.txt
$ podman secret create my_secret ./secret.txt
Create the specified secret via stdin.
通过 stdin 创建指定的机密。
$ printf <secret> | podman secret create my_secret -
Create gpg encrypted secret based on local file using the pass driver.
使用 pass 驱动程序基于本地文件创建 gpg 加密的密钥。
$ podman secret create --driver=pass my_secret ./secret.txt.gpg
Create a secret from an environment variable called ‘MYSECRET’.
从名为 ‘MYSECRET’ 的环境变量创建一个密钥。
$ podman secret create --env=true my_secret MYSECRET
SEE ALSO¶ 参见 ¶
HISTORY¶ 历史 ¶
January 2021, Originally compiled by Ashley Cui acui@redhat.com
February 2024, Added example showing secret creation from an environment variable by Brett Calliss brett@obligatory.email
2021 年 1 月,最初由 Ashley Cui acui@redhat.com 编写 2024 年 2 月,由 Brett Calliss brett@obligatory.email 添加了一个示例,展示了如何从环境变量创建秘密