container/podman
container/podman
1
0
Fork 0
mirror of https://github.com/containers/podman synced 2024-10-19 08:44:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Docs: removing secrets is safe for in-use secrets

Browse source 
Add docs explaining that it is safe to remove a secret that is in use by
a container: secrets are copied and mounted into the container at
creation

Signed-off-by: Ashley Cui <acui@redhat.com>
This commit is contained in:
Ashley Cui 2021-03-16 16:12:32 -04:00
parent 604459b404
commit 3d01d42f26
3 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
docs/source/markdown/podman-create.1.md
View file

@ -833,6 +833,11 @@ A secret is a blob of sensitive data which a container needs at runtime but
should not be stored in the image or in source control, such as usernames and passwords, should not be stored in the image or in source control, such as usernames and passwords,
TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size). TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
Secrets are copied and mounted into the container when a container is created. If a secret is deleted using
`podman secret rm`, the container will still have access to the secret. If a secret is deleted and
another secret is created with the same name, the secret inside the container will not change; the old
secret value will still remain.
Secrets are managed using the `podman secret` command. Secrets are managed using the `podman secret` command.
#### **--security-opt**=*option* #### **--security-opt**=*option*

5
docs/source/markdown/podman-run.1.md
View file

@ -885,6 +885,11 @@ A secret is a blob of sensitive data which a container needs at runtime but
should not be stored in the image or in source control, such as usernames and passwords, should not be stored in the image or in source control, such as usernames and passwords,
TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size). TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
Secrets are copied and mounted into the container when a container is created. If a secret is deleted using
`podman secret rm`, the container will still have access to the secret. If a secret is deleted and
another secret is created with the same name, the secret inside the container will not change; the old
secret value will still remain.
Secrets are managed using the `podman secret` command Secrets are managed using the `podman secret` command
#### **--security-opt**=*option* #### **--security-opt**=*option*

6
docs/source/markdown/podman-secret-rm.1.md
View file

@ -10,6 +10,12 @@ podman\-secret\-rm - Remove one or more secrets
Removes one or more secrets. Removes one or more secrets.
`podman secret rm` is safe to use on secrets that are in use by a container.
The created container will still have access to the secret data because secrets are
copied and mounted into the container when a container is created. If a secret is deleted and
another secret is created with the same name, the secret inside the container will not change;
the old secret value will still remain.
## OPTIONS ## OPTIONS
#### **--all**, **-a** #### **--all**, **-a**