mirror of
https://github.com/containers/podman
synced 2024-10-19 08:44:11 +00:00
Docs: removing secrets is safe for in-use secrets
Add docs explaining that it is safe to remove a secret that is in use by a container: secrets are copied and mounted into the container at creation

Signed-off-by: Ashley Cui <acui@redhat.com>
parent
604459b404
commit
3d01d42f26
|
@ -833,6 +833,11 @@ A secret is a blob of sensitive data which a container needs at runtime but
|
||||||
should not be stored in the image or in source control, such as usernames and passwords,
|
should not be stored in the image or in source control, such as usernames and passwords,
|
||||||
TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
|
TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
|
||||||
|
|
||||||
|
Secrets are copied and mounted into the container when a container is created. If a secret is deleted using
|
||||||
|
`podman secret rm`, the container will still have access to the secret. If a secret is deleted and
|
||||||
|
another secret is created with the same name, the secret inside the container will not change; the old
|
||||||
|
secret value will still remain.
|
||||||
|
|
||||||
Secrets are managed using the `podman secret` command.
|
Secrets are managed using the `podman secret` command.
|
||||||
|
|
||||||
#### **--security-opt**=*option*
|
#### **--security-opt**=*option*
|
||||||
|
|
|
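Review bot: The added paragraph stops at "the old secret value will still remain" and never says how a container gets a replacement value or stops holding the old one. Because the same lines state that secrets are copied and mounted when the container is created, the container has to be removed and created again for either to happen; one sentence saying so would make the paragraph usable for secret rotation. "will still remain" can also be shortened to "remains".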
@ -885,6 +885,11 @@ A secret is a blob of sensitive data which a container needs at runtime but
|
||||||
should not be stored in the image or in source control, such as usernames and passwords,
|
should not be stored in the image or in source control, such as usernames and passwords,
|
||||||
TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
|
TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
|
||||||
|
|
||||||
|
Secrets are copied and mounted into the container when a container is created. If a secret is deleted using
|
||||||
|
`podman secret rm`, the container will still have access to the secret. If a secret is deleted and
|
||||||
|
another secret is created with the same name, the secret inside the container will not change; the old
|
||||||
|
secret value will still remain.
|
||||||
|
|
||||||
Secrets are managed using the `podman secret` command
|
Secrets are managed using the `podman secret` command
|
||||||
|
|
||||||
#### **--security-opt**=*option*
|
#### **--security-opt**=*option*
|
||||||
|
|
|
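Review bot: The five added lines duplicate the previous hunk's paragraph word for word, and the text around them has already drifted between the two files: the context line here reads "Secrets are managed using the `podman secret` command" with no final period, while the other file has one. Suggest fixing the period in this change and, if the docs have a way to share text between pages, keeping the paragraph in one place so the two copies cannot diverge.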
@ -10,6 +10,12 @@ podman\-secret\-rm - Remove one or more secrets
|
||||||
|
|
||||||
Removes one or more secrets.
|
Removes one or more secrets.
|
||||||
|
|
||||||
|
`podman secret rm` is safe to use on secrets that are in use by a container.
|
||||||
|
The created container will still have access to the secret data because secrets are
|
||||||
|
copied and mounted into the container when a container is created. If a secret is deleted and
|
||||||
|
another secret is created with the same name, the secret inside the container will not change;
|
||||||
|
the old secret value will still remain.
|
||||||
|
|
||||||
## OPTIONS
|
## OPTIONS
|
||||||
|
|
||||||
#### **--all**, **-a**
|
#### **--all**, **-a**
|
||||||
|
|
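Review bot: "safe" in the first added line ("`podman secret rm` is safe to use on secrets that are in use by a container") only speaks to availability. The following lines mean that removing a secret does not revoke it from containers that already exist, and a reader who is removing a compromised secret could take "safe" to mean the opposite. Suggest stating that directly, and replacing "The created container" with "Containers created before the removal", since no container has been introduced as created at that point in the text.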