Using the shell secret driver, we can store authentication credentials as Podman secrets in .authinfo.gpg.
- A single place to store authentication credentials.
- Easy to update tokens when necessary.
- No need for external tools such as pass.
First, download the shell script into $HOME/.config/containers, and containers.conf to $HOME/.config/containers/authinfo-secrets.conf.
wget https://raw.githubusercontent.com/arifer612/podman-authinfo-secrets/master/gpg_store.sh -O $HOME/.config/containers/gpg_store.sh
wget https://raw.githubusercontent.com/arifer612/podman-authinfo-secrets/master/containers.conf -O $HOME/.config/containers/authinfo-secrets.conf
Next, configure .authinfo.gpg with your primary GPG encryption recipient. This may be done by adding the GPG key ID of the primary recipient in quotation marks to the head of the file as
# Recipient key: "0xABCDEFG"
machine ....
or by adding the email of the primary recipient in quotation marks to the head of the file as
# Recipient email: "[email protected]"
machine ....
or by adding the name of the primary recipient in quotation marks to the head of the file as
# Recipient name: "John Doe"
machine ....
Otherwise, if you are using Emacs and epa to manage GPG-encrypted files, you should make use of local file variables. For example, adding the GPG key ID of the primary recipient to the head of the file would look like
# -*- epa-file-encrypt-to: ("0xABCDEFG") -*-
machine ....
whereas adding the email of the primary recipient to the head of the file would look like
# -*- epa-file-encrypt-to: ("[email protected]") -*-
machine ....
and adding the name of the primary recipient to the head of the file would look like
# -*- epa-file-encrypt-to: ("John Doe") -*-
machine ....
Run podman secret create with the driver flag. The following examples will result in .authinfo.gpg that looks like
machine podman login PODMAN_SECRET_ID password P@s5W0rD
CONTAINERS_CONF=$HOME/.config/containers/authinfo-secrets.conf podman secret create [email protected] <(printf P@s5W0rD)
CONTAINERS_CONF=$HOME/.config/containers/authinfo-secrets.conf podman secret create [email protected] my-docker-io-password.txt
where the content of my-docker-io-password.txt is
$ cat my-docker-io-password.txt
P@s5W0rD
To remove a secret, simply run podman secret rm as normal.
podman secret rm [email protected]
podman login --username john --secret [email protected] docker.io
podman login --username johnny --secret johnny@fedora registry.fedoraproject.org
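To make the file layout described above concrete, the following added example (not the project's gpg_store.sh; the function names are hypothetical) parses already-decrypted authinfo text: it extracts the declared primary recipient from either header style and looks up a password by exact secret ID. It assumes passwords contain no whitespace and uses a constructed sample.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from gpg_store.sh.
# Both functions read already-decrypted authinfo text on stdin.

# Print the primary recipient declared on the first line, or return 1.
# Accepts the "# Recipient key|email|name:" form and the Emacs
# epa-file-encrypt-to local-variable form (first listed recipient).
authinfo_recipient() {
    r=$(head -n 1 | sed -n -E \
        -e 's/^#[[:space:]]*Recipient (key|email|name):[[:space:]]*"([^"]*)".*$/\2/p' \
        -e 's/^#.*epa-file-encrypt-to:[[:space:]]*\("([^"]*)".*$/\1/p')
    [ -n "$r" ] && printf '%s\n' "$r"
}

# Print the password for secret ID $1, or return 1 if there is no entry.
# Entry layout: machine podman login <ID> password <PASSWORD>
# Appending "" forces a string comparison, so an ID such as 1e2 is never
# treated as numerically equal to 100, and "john" never matches "johnny".
authinfo_lookup() {
    awk -v id="$1" '
        $1 == "machine" && $2 == "podman" && $3 == "login" &&
        ($4 "") == (id "") && $5 == "password" { print $6; found = 1; exit }
        END { exit !found }
    '
}

# Constructed sample (not real credentials or real secret IDs).
SAMPLE='# -*- epa-file-encrypt-to: ("0xABCDEFG") -*-
machine podman login 1e2 password first
machine podman login 100 password P@s5W0rD
machine podman login johnny password third'

printf '%s\n' "$SAMPLE" | authinfo_recipient
printf '%s\n' "$SAMPLE" | authinfo_lookup 100
```
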