Podman allows the use of a secret. This allows you to pass sensitive values, like credentials or API keys, to a container while running it, but excludes them from commits or exports.
So far I've been using the following format to include a config file with credentials as a secret config file within the container.
podman secret create my_creds /path/to/my/credfile.txt
podman run ... --secret=my_creds,mode=0400 ... container --credentials /run/secrets/my_creds
But now I'm confronted with a container that forces me to either include the credentials in a big config file (which I don't want to fully store in a secret) or via environment variables.
Podman does have an option to import secrets into a container as environment variables. However, the list of credentials I need to import is quite large, so I'd need to add quite a lot of lines creating secrets in my service file.
So my question now is: is there a way to take a file containing secrets stored as KEY=VALUE and import each line as a secret env variable in a podman container?
EDIT:
Currently I hacked together the following solution
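# systemd does not run Exec* lines through a shell, so the loop is wrapped in
# /bin/sh -c and $$ is written for a literal $. cut -f2- keeps values containing '='.
ExecStartPre=-/bin/sh -c 'for l in $$(cat /path/to/my/credfile.txt); do \
echo "$$l" | cut -d= -f2- | /usr/bin/podman secret create "$$(echo "$$l" | cut -d= -f1)" -; done'
ExecStopPost=-/bin/sh -c 'for l in $$(cat /path/to/my/credfile.txt); do \
/usr/bin/podman secret rm "$$(echo "$$l" | cut -d= -f1)"; done'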
I still need to manually add all the --secret=SECRET_NAME,type=env params.
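One way to create a secret per line of the KEY=VALUE file and generate the matching --secret=NAME,type=env flags instead of typing them by hand, as an added example that is not part of the original post. The function names, the PODMAN override variable and the subcommand dispatch are assumptions of this example; only `podman secret create NAME -`, `podman secret rm` and `--secret=NAME,type=env` come from the post.

```shell
#!/bin/sh
# Added example, not from the original post; names here are assumptions.
PODMAN=${PODMAN:-/usr/bin/podman}

# each_cred FILE CALLBACK: call CALLBACK KEY VALUE for every valid line.
# Blank lines and #-comments are skipped, the split is on the first '='
# only (values may contain '=' or spaces), and names that are not valid
# environment variable names are rejected without echoing any content.
each_cred() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
            *=*) ;;
            *) echo "skipping line without '='" >&2; continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        case $key in
            ''|[0-9]*|*[!A-Za-z0-9_]*) echo "skipping invalid name" >&2; continue ;;
        esac
        "$2" "$key" "$value" || return 1
    done < "$1"
}

# printf is a shell builtin, so the value never appears in a process
# argument list, and '%s' avoids storing a trailing newline in the secret.
create_one() { printf '%s' "$2" | "$PODMAN" secret create "$1" - >/dev/null; }
remove_one() { "$PODMAN" secret rm "$1" >/dev/null </dev/null; }
arg_one()    { printf '%s\n' "--secret=$1,type=env"; }

create_secrets() { each_cred "$1" create_one; }
remove_secrets() { each_cred "$1" remove_one; }
secret_args()    { each_cred "$1" arg_one; }

# run_with_secrets FILE [podman run arguments...]
run_with_secrets() {
    file=$1; shift
    create_secrets "$file" || return 1
    # Names were validated above, so word-splitting the flags is safe.
    "$PODMAN" run $(secret_args "$file") "$@"
}

# Dispatch when called as: script.sh create|remove|args|run FILE [args...]
case ${1:-} in
    create) create_secrets "$2" ;;
    remove) remove_secrets "$2" ;;
    args)   secret_args "$2" ;;
    run)    shift; run_with_secrets "$@" ;;
esac
```

In a service file the script can replace both loops: `create` in ExecStartPre, `run` in ExecStart and `remove` in ExecStopPost, all pointing at the same credentials file.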