For my simple use case (storing Velero backups), it works perfectly and with a resource footprint ridiculously low (~ 3 MiB memory when idle). In comparison MinIO used 100 times more memory.

Don’t forget the Silverbullet users.

Oh, I didn’t realize this was for plain containers, sorry.

For that I use Ansible to deploy the containers in my server. The secrets are stored encrypted in my local machine with passwordstore and I use the passwordstore lookup plugin to load them in the playbooks/templates.

The Ansible playbooks I use to deploy it are the documentation.

In my homelab I use Bitnami’s sealed secrets to commit the encrypted secrets to git and deploy with ArgoCD.

Which user do you use to run the podman command? Confirm with whoami

Note that the sysctl net.ipv4.ip_unprivileged_port_start can be used to allow non-root users to bind to ports <1024, this might be configured in MicroOS, I don’t know.

I use fail2ban to ban IPs that fall to login and also IPs that perform common scans in the reverse proxy

On the other hand I value Authelia single configuration file which I can version control in git. Authentik is a click-ops burden.