Encrypted volumes

[tmstn]

Will podman ever introduce encrypted mounted volumes? On the host machine the data is always encrypted but inside the container it is decrypted with a secret.

[rhatdan]

You want encrypted volumes which the host can not read but the container can? Without using confidential computing this is impossible. We could potentially encrypt a volume and only have it decrypted when the volume is mounted. This could be done with a volume plugin. Note you would still need to provide a password to the plugin to decrypt the data.