Using the shell secret driver, we can store authentication credentials as Podman secrets in .authinfo.gpg.

• A single place to store authentication credentials.
• Easy to update tokens when necessary.
• No need for an external tools such as pass.

First, download the shell script into $HOME/.config/containers, and containers.conf to $HOME/.config/containers/authinfo-secrets.conf.

wget https://raw.githubusercontent.com/arifer612/podman-authinfo-secrets/master/gpg_store.sh -O $HOME/.config/containers/gpg_store.sh
wget https://raw.githubusercontent.com/arifer612/podman-authinfo-secrets/master/containers.conf -O $HOME/.config/containers/authinfo-secrets.conf

Next, configure .authinfo.gpg with your primary GPG encryption recipient. This may be done by adding the GPG key ID of the primary recipient within quotations to the head of the file as

# Recipient key: "0xABCDEFG"
machine ....

or by adding the email of the primary recipient within quotations to the head of the file as

# Recipient email: "[email protected]"
machine ....

or by adding the name of the primary recipient within quotations to the head of the file as

# Recipient name: "John Doe"
machine ....

Otherwise, if you are using Emacs and epa to manage GPG-encrypted files, you should make use of local file variables. For example, adding the GPG key ID of the primary recipient to the head of the file would look like

# -*- epa-file-encrypt-to: ("0xABCDEFG") -*-
machine ....

whereas adding the email of the primary recipient to the head of the file would look like

# -*- epa-file-encrypt-to: ("[email protected]") -*-
machine ....

and adding the name of the primary recipient to the head of the file would look like

# -*- epa-file-encrypt-to: ("John Doe") -*-
machine ....

Run podman secret create with the driver flag. The following examples will result in .authinfo.gpg that looks like

machine podman login PODMAN_SECRET_ID password P@s5W0rD

CONTAINERS_CONF=$HOME/.config/containers/authinfo-secrets.conf podman secret create [email protected] <(printf P@s5W0rD)

CONTAINERS_CONF=$HOME/.config/containers/authinfo-secrets.conf podman secret create [email protected] my-docker-io-password.txt

where the contents of my-docker-io-password.txt is

$ cat my-docker-io-password.txt
P@s5W0rD

podman secret rm [email protected]

podman login --username john --secret [email protected] docker.io
podman login --username johnny --secret johnny@fedora registry.fedoraproject.org