podman-compose does not support mounting external secrets (works with plain podman run) #1293

@Qwarctick

Describe the bug

When trying to use secrets with podman-compose, I get an error even though the same thing works fine with podman run.

To Reproduce

test-alpine.yml

services:
  alpine_secret:
    image: alpine:latest
    secrets:
      - source: ssh-private-key
        target: /tmp/private_key
        mode: 700
        uid: 600
        gid: 600
    entrypoint: ["sh", "-c", "ls -alh /tmp && cat /tmp/private_key"]

secrets:
  ssh-private-key:
    external: true

podman compose -f test-alpine.yml up

Error output

>>>> Executing external compose provider "/home/vagrant/.local/bin/podman-compose". Please see podman-compose(1) for how to disable this message. <<<<

Error: no container with name or ID "vagrant_alpine_secret_1" found: no such container
Error: no container with ID or name "vagrant_alpine_secret_1" found: no such container
Error: not all containers could be removed from pod ...
...
ValueError: ERROR: Custom name/target reference "/tmp/secret_key" for mounted external secret "secret_key" is not supported
Error: executing /home/vagrant/.local/bin/podman-compose -f test-alpine.yml up: exit status 1

What works with plain podman

This works fine when using podman run directly:

podman run -it --rm \
  --secret=ssh-private-key,uid=600,gid=600,mode=700,type=mount,target=/tmp/private_key \
  alpine:latest sh -c "ls -alh /tmp && cat /tmp/private_key"

Output

-rwx------    1 600      600          411 Aug 19 14:38 private_key
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----

Environment:

$ podman-compose version
podman-compose version 1.5.0
podman version 5.4.0

$ podman version
Client:       Podman Engine
Version:      5.4.0
API Version:  5.4.0
Go Version:   go1.23.9 (Red Hat 1.23.9-1.el9_6)
Built:        Tue Jul  8 03:48:42 2025
OS/Arch:      linux/amd64

$ hostnamectl

 Static hostname: sipa
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: b9ca0673f9d446d9bedbf42499ce723e
         Boot ID: 58018b3af1b7480b9938c93a99c26466
  Virtualization: kvm
Operating System: AlmaLinux 9.6 (Sage Margay)
     CPE OS Name: cpe:/o:almalinux:almalinux:9::baseos
          Kernel: Linux 5.14.0-570.33.2.el9_6.x86_64
    Architecture: x86-64
 Hardware Vendor: QEMU
  Hardware Model: Ubuntu 24.04 PC _i440FX + PIIX, 1996_
Firmware Version: 1.16.3-debian-1.16.3-2

Additional information

I suppose the problem comes from https://github.com/containers/podman-compose/blob/main/podman_compose.py#L703. I can prepare a MR to fix the condition.
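
The mapping between the compose long-syntax entry and the working `podman run` flag in the report, as an added example (not podman-compose's code and not from the reporter). `secret_flag` is a hypothetical helper, and the sample input is constructed from `test-alpine.yml`.

```python
# Added example: hypothetical helper, not podman-compose code.
def secret_flag(entry, top_level_secrets):
    """Translate one service-level compose secret entry into a podman --secret flag."""
    if isinstance(entry, str):  # short syntax: "- ssh-private-key"
        entry = {"source": entry}
    source = entry["source"]
    decl = top_level_secrets.get(source)
    if decl is None:
        raise ValueError(f'secret "{source}" is not declared under top-level secrets')
    if not decl.get("external"):
        raise ValueError(f'secret "{source}": only external secrets are handled here')
    # Compose lets an external secret carry a different store name via "name".
    name = str(decl.get("name", source))
    if "," in name:
        raise ValueError(f'secret "{source}": name must not contain ","')
    opts = [name]
    for key in ("uid", "gid", "mode"):
        if key in entry:
            value = str(entry[key])  # forwarded as written, e.g. mode: 700 -> mode=700
            if not value.isdigit():
                raise ValueError(f'secret "{source}": {key} must be numeric, got {value!r}')
            opts.append(f"{key}={value}")
    opts.append("type=mount")
    target = entry.get("target")
    if target is not None:
        # Commas separate --secret options, so a comma in the target would
        # smuggle in extra options; refuse it rather than pass it through.
        if "," in str(target):
            raise ValueError(f'secret "{source}": target must not contain ","')
        opts.append(f"target={target}")
    return "--secret=" + ",".join(opts)

# Constructed input mirroring test-alpine.yml from the report.
TOP_LEVEL = {"ssh-private-key": {"external": True}}
ENTRY = {"source": "ssh-private-key", "target": "/tmp/private_key",
         "mode": 700, "uid": 600, "gid": 600}

if __name__ == "__main__":
    print(secret_flag(ENTRY, TOP_LEVEL))
```

For the entry in the report this yields the same `--secret` argument as the `podman run` command that works.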
