Enhanced logging for: podman-secret-create --driver=shell #27635

@tomashrdy

Feature request description

I am missing any log entries on the `podman secret create --driver=shell...` CLI command.
The output of the command providing scripts is vague:

```
Error: creating secret test-encryption: exit status 1
```

Invoking the podman command with `--log-level=trace` does not help either:

```
INFO[0000] podman filtering at log level trace
DEBU[0000] Called create.PersistentPreRunE(podman --log-level=trace secret create --driver=shell --driver-opts=list=python3 /Users/thrdy/workspace/projects/data4ce/podman-encrypted-secrets/podman-encrypted-secrets.py list --driver-opts=lookup=/bin/ --driver-opts=store=cat --driver-opts=delete=python3 /Users/thrdy/workspace/projects/data4ce/podman-encrypted-secrets/podman-encrypted-secrets.py delete test-encryption -)
DEBU[0000] SSH Ident Key "/Users/thrdy/.local/share/containers/podman/machine/machine" SHA256:URDw+KBXPCj9MWdVcGcwPOff8WtmuddY1KZ47pd5fGE ssh-ed25519
DEBU[0000] DoRequest Method: GET URI: http://d/v5.7.0/libpod/_ping
DEBU[0000] DoRequest Method: POST URI: http://d/v5.7.0/libpod/secrets/create 11227a3857122311395d3c872
DEBU[0000] Called create.PersistentPostRunE(podman --log-level=trace secret create --driver=shell --driver-opts=list=python3 /Users/thrdy/workspace/projects/data4ce/podman-encrypted-secrets/podman-encrypted-secrets.py list --driver-opts=lookup=/bin/ --driver-opts=store=cat --driver-opts=delete=python3 /Users/thrdy/workspace/projects/data4ce/podman-encrypted-secrets/podman-encrypted-secrets.py delete test-encryption -)
DEBU[0000] Shutting down engines
```

Suggest potential solution

Git commit sha ref: 89844e5

In src:
vendor/go.podman.io/common/pkg/secrets/secrets.go lines 248-256:

  • add distinction whether the error comes from the SecretsManager.store() invocation or from SecretsDriver.Store() invocation (applies to all drivers)
  • add logging of shell script output to trace log level

vendor/go.podman.io/common/pkg/secrets/shelldriver/shelldriver.go prior to any invocation of cmd.Run() (4 times, once per each command):

  • add logging of the complete command to be invoked (preferably DEBUG level)
  • add logging of the command's environment (preferably using DEBUG level)

Have you considered any alternatives?

Amend the command's documentation with more detailed examples on the --driver=shell option:
https://docs.podman.io/en/latest/markdown/podman-secret-create.1.html
Not necessarily the script body itself, but:

  • the expected format of invocation and expected format of the shell output.
  • example invocation of podman secret create with --driver=shell

Additional context

Podman version for runtime test:
```
$ podman version
Client: Podman Engine
Version: 5.7.0
API Version: 5.7.0
Go Version: go1.25.4
Built: Tue Nov 11 14:51:07 2025
Build Origin: brew
OS/Arch: darwin/arm64

Server: Podman Engine
Version: 5.7.0
API Version: 5.7.0
Go Version: go1.24.9
Git Commit: 0370128
Built: Tue Nov 11 01:00:00 2025
OS/Arch: linux/arm64
```
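
A sketch of the logging requested above, added here as an example and not taken from the issue or from the containers/common code base. `runDriverCommand` and its parameters are hypothetical, and it assumes the shell driver runs each configured command through `/bin/sh -c` with `SECRET_ID` added to the environment and the secret data passed on stdin.

```go
package main

import (
	"bytes"
	"context"
	"fmt"
	"log"
	"os"
	"os/exec"
	"strings"
)

// runDriverCommand is a hypothetical helper (not in shelldriver.go). It runs one
// configured driver command, logs it first, and returns stderr in the error.
func runDriverCommand(ctx context.Context, op, command, secretID string, stdin []byte) ([]byte, error) {
	cmd := exec.CommandContext(ctx, "/bin/sh", "-c", command)
	added := "SECRET_ID=" + secretID // assumed: the only variable the driver adds
	cmd.Env = append(os.Environ(), added)

	var stdout, stderr bytes.Buffer
	cmd.Stdin = bytes.NewReader(stdin) // secret bytes for "store"
	cmd.Stdout = &stdout               // secret bytes for "lookup"
	cmd.Stderr = &stderr

	// Log the command and the added variable only. The inherited environment,
	// stdin and stdout can all carry secret material and stay out of the log.
	log.Printf("level=debug op=%s cmd=%q env_added=%q", op, command, added)

	if err := cmd.Run(); err != nil {
		// %w keeps *exec.ExitError reachable through errors.As.
		return nil, fmt.Errorf("shell driver %s command %q: %w: stderr: %s",
			op, command, err, strings.TrimSpace(stderr.String()))
	}
	return stdout.Bytes(), nil
}

func main() {
	// Constructed failing "store" script standing in for a user's driver script.
	failing := "echo 'key file missing' >&2; exit 1"
	_, err := runDriverCommand(context.Background(), "store", failing, "test-encryption", []byte("s3cr3t"))
	log.Printf("level=error msg=%q", err)
}
```

The command string comes from `--driver-opts`, so a credential embedded there would appear in this debug line; scripts that read keys from a file or keyring avoid that.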

Labels: kind/feature, macos
