container: Add podman secret support

roles/container/defaults/main.yaml

@@ -4,6 +4,7 @@ container_user: ""
 container_mounts: []
 container_publish_ports: []
 container_networks: []
+container_secrets: []
 container_env: {}
 container_auto_start: true
 container_auto_update: true

roles/container/meta/argument_specs.yaml

@@ -66,6 +66,24 @@ argument_specs:
         required: false
         default: []
         elements: str
+      container_secrets:
+        description: A list of secrets available to the container in /run/secrets/<secret name>
+        type: list
+        required: false
+        default: []
+        elements: dict
+        options:
+          name:
+            description: Name of the secret
+            type: str
+            required: true
+          value:
+            description:
+              - Value of the secret. Defaults to a 128-character random string containing alphanumeric characters.
+              - If the value is not explicitly set, it will not be changed if the secret already exists.
+            type: str
+            required: false
+
       container_env:
         description: A dict of environment variables for the container
         type: dict

roles/container/tasks/main.yaml

@@ -8,6 +8,13 @@
   loop_control:
     loop_var: network
 
+- name: Create secrets for container {{ container_name }}
+  containers.podman.podman_secret:
+    name: "{{ item.name }}"
+    data: "{{ item.value | default(lookup('community.general.random_string', special=false, length=128)) }}"
+    skip_existing: "{{ item.value is not defined }}"
+  loop: "{{ container_secrets }}"
+
 - name: Create container service {{ container_name }}
   ansible.builtin.template:
     src: container.j2

roles/container/templates/container.j2

@@ -30,6 +30,9 @@ Network={{ network }}.network
 {% for port in container_publish_ports %}
 PublishPort={{ port }}
 {% endfor %}
+{% for secret in container_secrets %}
+Secret={{ secret.name }}
+{% endfor %}
 {% for key, value in container_env.items() %}
 Environment={{ key }}={{ value }}
 {% endfor %}