Using Fedora CoreOS, how can I add secrets to podman systemd services?
Using Fedora CoreOS, how can I add secrets to podman systemd services?
Like the title says, does anyone know how to give systemd services a secret?
For example: postgresql.bu
variant: fcos
version: 1.4.0
storage:
directories:
- path: /opt/services/postgres/data
overwrite: true
mode: 0755
systemd:
units:
- name: postgres.service
enabled: true
contents: |
[Unit]
Description=The PostgreSQL object-relational database system
Wants=network-online.target
After=network-online.target
[Service]
Type=notify
NotifyAccess=all
Restart=on-failure
RestartSec=60
ExecStartPre=-/bin/podman kill postgres
ExecStartPre=-/bin/podman rm postgres
ExecStartPre=/bin/podman pull docker.io/library/postgres:15
ExecStart=/bin/podman run --name postgres \
--volume /opt/services/postgres/data:/var/lib/postgresql/data:z \
--env POSTGRES_USER=admin \
--env POSTGRES_PASSWORD=admin \
--env POSTGRES_DB=admin \
--replace --sdnotify=conmon \
--publish 0.0.0.0:5432:5432/tcp \
--restart=unless-stopped \
--log-level info \
docker.io/library/postgres:15
[Install]
WantedBy=multi-user.target
If that is my SystemD unit file, can I replace:
env POSTGRES_PASSWORD=admin with a value that is discovered at runtime?