Mastodawn

Running Podman in production for years now, and I don't miss the Docker daemon one bit.

I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.

I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layer

This is the guide I wish I had when making the switch.

Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/

#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers

Podman in Production: Quadlets, Secrets, Auto-Updates, and Docker Compatibility

An opinionated production-ops guide to Podman on Linux servers - why I prefer it over Docker, how Quadlets replace Compose files, and practical patterns from real deployments including secrets mana...

Larvitz Blog

Show thread

Brian "bex" Exelbierd 6h ago

@Larvitz I use podman for all my unorchestrated containers. Love it. How we I’ve stayed away from podman secrets as they used to be written to disk in plaintext. Did that get fixed?

Show thread

Larvitz

@bexelbie The secrets (by default) are stored in json files under /var/lib/containers/storage/secrets .. Only protected by the file-system permissions. If you want them to be encrypted at rest, you could use something like OpenBao (OSS fork of Hashicorp Vault)