The current deployment creates Podman secrets (e.g. foreman-seed-admin-user, foreman-seed-admin-password) that are mounted into containers as environment variables. These secrets are only meaningfully used during the initial db:seed run but remain permanently created, persisted, and mounted on every container restart — providing no ongoing value after first deployment.
In src/roles/foreman/tasks/main.yaml, Podman secrets are created for seed data:
- foreman-seed-admin-user → SEED_ADMIN_USER
- foreman-seed-admin-password → SEED_ADMIN_PASSWORD
These are mounted into the main Foreman container, the db-migrate-seed oneshot container, and the recurring tasks containers. After the initial db:seed execution, these secrets serve no purpose but continue to exist as Podman secrets and remain mounted as environment variables in running containers.
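A read-only audit of the condition described above, added here as an example and not part of the project's code: it reports which of the two seed secrets still exist in the Podman secret store and which containers still carry the seed variables in their environment. Container names are supplied by the caller, and the script assumes `cat` is available in the container image.

```shell
#!/bin/sh
# Added example: read-only audit for the seed secrets named in this issue.
# Secret and variable names are from the issue; container names are supplied
# by the caller (assumption), and `cat` is assumed to exist in the image.

SEED_SECRETS="foreman-seed-admin-user foreman-seed-admin-password"
SEED_ENV_VARS="SEED_ADMIN_USER SEED_ADMIN_PASSWORD"

# Print each seed secret that is still present in the Podman secret store.
lingering_seed_secrets() {
    _store=$(podman secret ls --format '{{.Name}}') || return 2
    for _s in $SEED_SECRETS; do
        if printf '%s\n' "$_store" | grep -qxF -- "$_s"; then
            printf '%s\n' "$_s"
        fi
    done
}

# Print "container:VARIABLE" for each seed variable found in the environment
# of a container's PID 1. Only names are reported, never values.
exposed_seed_env() {
    for _c in "$@"; do
        _env=$(podman exec "$_c" cat /proc/1/environ 2>/dev/null | tr '\0' '\n')
        for _v in $SEED_ENV_VARS; do
            if printf '%s\n' "$_env" | grep -q "^${_v}="; then
                printf '%s:%s\n' "$_c" "$_v"
            fi
        done
    done
}

# Usage after the first deployment (container names are placeholders):
#   lingering_seed_secrets
#   exposed_seed_env <foreman-container> <recurring-task-container>
```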