Podman: $XDG_RUNTIME_DIR for passwords. Why a non-persistant path?

The lack of persistence is deliberate - we didn't want to leave secret information around after the user logs out of the system.

Hmm, annoying though, especially if you follow good development practices and create API keys – which you can only view once. So you have to regenerate a key each time again and again… :roll_eyes:

Just the more reason for #4119 I guess.

@rugk could you store your authfile in a secure and more permanent location and then use the --authfile option to point the command to use the non-default location?

yeah I could, I guess. Could also use the docker location that is read by default anyway, there…

@rugk the issue is that the vast majority people use username/password for this, and storing these in an unencrypted file in your homedir, is too much of a security hole. We have an effort to make credential helpers easier to use, and for users on Linux to make it use gnome-helper by default if it is running.

You do know there is an environment variable for this also.

man podman login
...
Note: You can also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. export REGISTRY_AUTH_FILE=path

I did not, but thanks for the hint.
So is there anything to do in this issue? Otherwise, I'd close it?

I will close it, but we hope to make the credential stuff better at least for people who use a Linux Desktop out of the box.

One thing we could also consider would be adding this location to containers.conf, so users or admin could set it permanently to a different location.