From d6239385fd3bb3a635e15fcf7c4bd14e4cb65f85 Mon Sep 17 00:00:00 2001 From: Stuart Cardall Date: Tue, 6 May 2025 20:09:26 +0000 Subject: [PATCH] Update podman-secret-create.1.md * Adds example showing secure secret generation / rotation & mounting * fixes https://github.com/containers/podman/issues/26064 Signed-off-by: Stuart Cardall --- .../source/markdown/podman-secret-create.1.md | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/source/markdown/podman-secret-create.1.md b/docs/source/markdown/podman-secret-create.1.md index 5f0ef17bfd..f499f1d718 100644 --- a/docs/source/markdown/podman-secret-create.1.md +++ b/docs/source/markdown/podman-secret-create.1.md @@ -78,7 +78,7 @@ delete = ## EXAMPLES -Create the specified secret based on local file. +Create the specified secret based on a local file. ``` echo -n mysecret > ./secret.txt $ podman secret create my_secret ./secret.txt @@ -89,7 +89,17 @@ Create the specified secret via stdin. $ printf | podman secret create my_secret - ``` -Create gpg encrypted secret based on local file using the pass driver. +Create or rotate a cryptographically secure random secret just under the maximum `512000` bytes via stdin. +``` +openssl rand -base64 378000 | podman secret create --replace my_secret - +``` + +Mount a local file-based secret securely in a container. +``` +podman run --rm --secret source=my_secret,type=mount,uid=1001,gid=1001,mode=440 docker.io/library/alpine ls -l /run/secrets/my_secret +``` + +Create gpg encrypted secret based on a local file using the pass driver. ``` $ podman secret create --driver=pass my_secret ./secret.txt.gpg ``` 
@@ -100,8 +110,9 @@ $ podman secret create --env=true my_secret MYSECRET ``` ## SEE ALSO -**[podman(1)](podman.1.md)**, **[podman-secret(1)](podman-secret.1.md)**, **[podman-login(1)](podman-login.1.md)** +**[podman(1)](podman.1.md)**, **[podman-secret(1)](podman-secret.1.md)**, **[podman-login(1)](podman-login.1.md)**, **[podman-run(1)](podman-run.1.md)** ## HISTORY -January 2021, Originally compiled by Ashley Cui -February 2024, Added example showing secret creation from an environment variable by Brett Calliss +* January 2021, Originally compiled by Ashley Cui +* February 2024, Added example showing secret creation from an environment variable by Brett Calliss +* May 2025, Added example showing secure secret generation / rotation & mounting by [Stuart Cardall](https://github.com/itoffshore)
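Review bot: In the hunk at `@@ -89,7 +89,17 @@`, the added `openssl rand -base64 378000` example claims the result is "just under the maximum `512000` bytes" without saying how 378000 relates to that limit. The argument counts random bytes before encoding. Base64 emits 4 characters for every 3 input bytes and openssl wraps its output into lines, so the stored secret is noticeably larger than 378000 bytes. A one-sentence explanation would let a reader who picks another size stay under the limit after encoding. In the same hunk, the mount example sets `uid=1001,gid=1001,mode=440` but the `podman run` line does not set the container user, so the `ls -l` output shows the ownership without showing that the intended process can read the file. Suggest adding `--user 1001:1001` to the command or stating which user the values are meant for. Both added command lines also lack the `$ ` prompt used by the neighbouring `$ podman secret create --driver=pass my_secret ./secret.txt.gpg`.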
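Review bot: In the hunk at `@@ -100,8 +110,9 @@`, the new HISTORY entry links the author name to a GitHub profile (`[Stuart Cardall](https://github.com/itoffshore)`) while the two existing entries, now bulleted, keep plain names. Suggest using a plain name here too so the list stays consistent. The SEE ALSO addition of `podman-run(1)` matches the new mount example and looks fine.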