Secrets used as environment variables


Secrets can be mounted as data volumes or exposed as environment variables and used by a container in a pod to interact with external systems on your behalf. Secrets can also be used by other parts of the system, without being directly exposed to the pod.

Benefits of storing secrets as files include: setting file permissions, projecting secret keys to specific paths, and consuming secret values from volumes.
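The file-based alternative with the benefits listed above, as an added example that is not from the original page: the secret is mounted as a read-only volume with restrictive file permissions, and a single key is projected to a chosen path. The volume name, mount path and file path are assumptions; the angle-bracket values are placeholders.

```yaml
# Added example: a Pod that consumes a secret from a volume instead of
# through env.valueFrom.secretKeyRef or envFrom.secretRef.
apiVersion: v1
kind: Pod
metadata:
  name: <pod name>
spec:
  containers:
    - name: <container name>
      image: <image>
      volumeMounts:
        - name: app-secret              # hypothetical volume name
          mountPath: /etc/app-secret    # hypothetical mount path
          readOnly: true                # the container cannot modify the mounted files
  volumes:
    - name: app-secret
      secret:
        secretName: <secret name>
        defaultMode: 0400               # file permissions: owner read-only
        items:                          # project only the key the container needs
          - key: <key>
            path: db/password           # hypothetical path, relative to mountPath
```

The application then reads the value from `/etc/app-secret/db/password` rather than from its process environment.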

Fix - Buildtime


  • Resource: Container
  • Arguments:
    env:valueFrom:secretKeyRef - uses a secret in an environment variable in a Pod
    envFrom:secretRef - defines all of the secret’s data as the container environment variables

```yaml valueFrom
apiVersion: v1
kind: Pod
metadata:
  name: <pod name>
spec:
  containers:
    - name: <container name>
      image: <image>
      env:
        - name: <env var name>
          valueFrom:
-           secretKeyRef:
-             name: <secret name>
-             key: <key>
```

```yaml envFrom
apiVersion: v1
kind: Pod
metadata:
  name: <pod name>
spec:
  containers:
    - name: <container name>
      image: <image>
      envFrom:
-     - secretRef:
-         name: <secret name>
```