Passing a secret to a container
I have a secret called `~/.git-credentials`. I need to pass it into a container such that the container can use the secret the way I do. There are hard limitations to this:
- the secret cannot be part of any image, and neither can any part of my user environment (gid/uid)
- no changes to secret permissions on the host (the secret has 600 permissions, owned by host user)
- the container runs the payload as a non-root user inside the container
- it has to be a no-code solution outside the container, i.e. I cannot build a script that reads the secret on the host and passes it to the container's stdin, etc.
- no silly bypassing of the previous rule either: I cannot build a microservice to serve this secret from a different container... you get it
What I tried:
- a bind mount results in insufficient permissions because the container uid does not match my uid. When I `ls` the mounted secret it simply shows the uid/gid of my user on the host
- compose secrets have the same issue as a bind mount
- a chatbot suggested swarm, but it probably violates the last two rules? Not sure
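The bind-mount failure described in the post is the kernel's ordinary owner/group/mode check: a bind mount passes the host inode through with its host uid, gid and mode bits, so a non-root container uid that is neither the owner nor in the file's group gets EACCES on a 600 file. The following pre-flight check is an added example, not code from the original post; it predicts that outcome from the host side without starting a container. It assumes POSIX `ls -ln` output, a path without whitespace, and a stand-in file created with `mktemp` (the demo never touches the real `~/.git-credentials`).

```sh
#!/bin/sh
# Added example (not from the original post): answer "could uid:gid read this
# file through a bind mount?" by applying the same owner/group/other test the
# kernel applies. Assumes POSIX `ls -ln` output and a path without whitespace.

# secret_readable_as UID GID PATH -> exit 0 if readable, 1 if not; prints why.
secret_readable_as() {
    want_uid=$1
    want_gid=$2
    path=$3
    [ -e "$path" ] || { echo "not readable: $path does not exist"; return 1; }
    # ls -ln prints e.g.: -rw------- 1 1000 1000 42 Jan 1 12:00 /home/me/.git-credentials
    set -- $(ls -ln "$path")
    mode=$1
    file_uid=$3
    file_gid=$4
    owner_r=$(printf '%s' "$mode" | cut -c2)   # position 2 is the owner read bit
    group_r=$(printf '%s' "$mode" | cut -c5)   # position 5 is the group read bit
    other_r=$(printf '%s' "$mode" | cut -c8)   # position 8 is the other read bit

    if [ "$want_uid" -eq 0 ]; then
        # Root in a default container keeps CAP_DAC_OVERRIDE and bypasses the
        # mode bits; the post's non-root rule excludes this case anyway.
        echo "readable: uid 0 bypasses mode bits (CAP_DAC_OVERRIDE)"
        return 0
    fi
    # The kernel checks exactly one class: owner if uid matches, else group if
    # gid matches, else other. A matching owner with no read bit is denied even
    # if the group or other bits would allow it.
    if [ "$want_uid" -eq "$file_uid" ]; then
        [ "$owner_r" = "r" ] && { echo "readable: uid $want_uid owns $path"; return 0; }
        echo "not readable: uid $want_uid owns $path but owner read bit is '$owner_r' (mode $mode)"
        return 1
    fi
    if [ "$want_gid" -eq "$file_gid" ]; then
        [ "$group_r" = "r" ] && { echo "readable: gid $want_gid matches file group (mode $mode)"; return 0; }
        echo "not readable: gid $want_gid matches file group but group read bit is '$group_r' (mode $mode)"
        return 1
    fi
    [ "$other_r" = "r" ] && { echo "readable: world-readable (mode $mode)"; return 0; }
    echo "not readable: $path is $file_uid:$file_gid mode $mode; uid $want_uid gid $want_gid matches neither"
    return 1
}

# Demo on a constructed stand-in for ~/.git-credentials (600, owned by the caller).
demo() {
    tmp=$(mktemp) || return 1
    printf 'https://user:token@example.invalid\n' > "$tmp"   # constructed sample content
    chmod 600 "$tmp"
    echo "--- as the host owner ($(id -u):$(id -g))"
    secret_readable_as "$(id -u)" "$(id -g)" "$tmp"
    echo "--- as a typical non-root container user (65534:65534)"
    secret_readable_as 65534 65534 "$tmp" || true
    rm -f "$tmp"
}
demo
```

Run it with the uid and gid the payload actually has inside the container (whatever `id` prints there) against the host path of the secret; a "not readable" verdict is exactly the permission error the bind mount and the compose secret produce, and it shows which of the three checks (owner, group, other) is the one that fails.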