
arifer612/podman-authinfo-secrets

Podman Authinfo-Secrets

Using the shell secret driver, we can store authentication credentials as Podman secrets in .authinfo.gpg.

Motivation & Benefits

  • A single place to store authentication credentials.
  • Easy to update tokens when necessary.
  • No need for external tools such as pass.

Installation

First, download the shell script into $HOME/.config/containers, and containers.conf to $HOME/.config/containers/authinfo-secrets.conf.

wget https://raw.githubusercontent.com/arifer612/podman-authinfo-secrets/master/gpg_store.sh -O $HOME/.config/containers/gpg_store.sh
wget https://raw.githubusercontent.com/arifer612/podman-authinfo-secrets/master/containers.conf -O $HOME/.config/containers/authinfo-secrets.conf

Next, configure .authinfo.gpg with your primary GPG encryption recipient. This may be done by adding the GPG key ID of the primary recipient, in quotation marks, to the head of the file as

# Recipient key: "0xABCDEFG"
machine ....

or by adding the email of the primary recipient, in quotation marks, to the head of the file as

# Recipient email: "john@doe.tld"
machine ....

or by adding the name of the primary recipient, in quotation marks, to the head of the file as

# Recipient name: "John Doe"
machine ....

Otherwise, if you are using Emacs and epa to manage GPG-encrypted files, you should make use of local file variables. For example, adding the GPG key ID of the primary recipient to the head of the file would look like

# -*- epa-file-encrypt-to: ("0xABCDEFG") -*-
machine ....

whereas adding the email of the primary recipient to the head of the file would look like

# -*- epa-file-encrypt-to: ("john@doe.tld") -*-
machine ....

and adding the name of the primary recipient to the head of the file would look like

# -*- epa-file-encrypt-to: ("John Doe") -*-
machine ....
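
A preflight check for the header forms listed above, written as an added example; it is not the project's gpg_store.sh and does not claim to mirror how that script parses the file. It assumes the header sits on line 1 and that the file lives at $HOME/.authinfo.gpg; the function names recipient_from_header and preflight are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that .authinfo.gpg names a primary recipient in
# one of the documented header forms before relying on it for encryption.

# recipient_from_header: read decrypted authinfo text on stdin and print
# the quoted recipient found on line 1. Returns 1 if line 1 matches
# neither the "# Recipient key|email|name:" form nor the Emacs
# "epa-file-encrypt-to" form. (Assumption: the header is on line 1.)
recipient_from_header() {
    _rcpt=$(sed -nE \
        -e '1s/^#[[:space:]]*Recipient (key|email|name):[[:space:]]*"([^"]+)".*$/\2/p' \
        -e '1s/^#.*epa-file-encrypt-to:[[:space:]]*\("([^"]+)".*$/\1/p')
    [ -n "$_rcpt" ] || return 1
    printf '%s\n' "$_rcpt"
}

# preflight: decrypt FILE (default: $HOME/.authinfo.gpg, an assumed
# location), extract the recipient, and check that gpg holds a public
# key for it. Return codes: 1 = no usable header, 2 = key not in keyring.
preflight() {
    _file=${1:-$HOME/.authinfo.gpg}
    _who=$(gpg --quiet --decrypt "$_file" | recipient_from_header) || {
        echo "could not read a recipient header from $_file" >&2
        return 1
    }
    gpg --list-keys "$_who" >/dev/null 2>&1 || {
        echo "no public key in keyring for recipient: $_who" >&2
        return 2
    }
    printf '%s\n' "$_who"
}
```

Source the file and run preflight before the first podman secret create; a non-zero return means the header or the keyring needs fixing first.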

Usage

Secret-Create

Run podman secret create with the driver flag. The following examples will result in an .authinfo.gpg entry that looks like

machine podman login PODMAN_SECRET_ID password P@s5W0rD

From stdin

CONTAINERS_CONF=$HOME/.config/containers/authinfo-secrets.conf podman secret create john@docker.io <(printf P@s5W0rD)

From a file

CONTAINERS_CONF=$HOME/.config/containers/authinfo-secrets.conf podman secret create john@docker.io my-docker-io-password.txt

where the contents of my-docker-io-password.txt are

$ cat my-docker-io-password.txt
P@s5W0rD

Secret-Remove

Simply run podman secret rm as normal.

podman secret rm john@docker.io

Podman-Login

podman login --username john --secret john@docker.io docker.io
podman login --username johnny --secret johnny@fedora registry.fedoraproject.org

About

Storing Podman Secrets in a GPG-encrypted Authinfo file.
