Kubernetes Secrets
Integration with Google Cloud Platform
We also offer an optional integration with Google Secret Manager as a simplified supplement to using Kubernetes Secrets directly.
When running an application in a team namespace, Kubernetes Secrets can be used directly.
To get started using this, simply create the secrets. A secret can be either key-value pairs or files, and can be exposed to the application as environment variables or files.
Microsoft has a good YouTube video that explains the concepts of Kubernetes secrets.
Example
Creating a secret
$ kubectl create secret generic my-secret --from-literal=key1=supersecret
secret/my-secret created
Info
The kubectl plugin kubectl-modify-secret is recommended if you need to modify the secret contents after creation.
Exposing my-secret as environment variables to the application by referring to it in nais.yaml:
spec:
  envFrom:
    - secret: my-secret
That's it! When the application is running, the environment variable key1 will have the value supersecret.
Alternatively, if the secret should have its contents mounted into the containers as files:
spec:
  filesFrom:
    - secret: my-secret
The secret is then exposed under the path specified by spec.filesFrom[].mountPath (default /var/run/secrets). For this example it is available at /var/run/secrets/key1.
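An added example, not part of the original documentation or of NAIS itself: one way an application might load the value at startup, preferring the mounted file and falling back to the environment variable. The names read_secret, SecretNotFound and DEFAULT_MOUNT are hypothetical; the default directory is the /var/run/secrets default stated above.

```python
import os
from pathlib import Path

DEFAULT_MOUNT = "/var/run/secrets"  # default mountPath stated on this page


class SecretNotFound(RuntimeError):
    """Raised when a key is present neither as a file nor as an env var."""


def read_secret(key, mount_dir=DEFAULT_MOUNT, environ=None):
    """Return the value of `key` (hypothetical helper, not a NAIS API).

    Looks for <mount_dir>/<key> first (filesFrom), then for an environment
    variable named <key> (envFrom).
    """
    environ = os.environ if environ is None else environ
    # Keys are plain names; refuse anything that could escape mount_dir.
    if not key or key in (".", "..") or "/" in key or "\x00" in key:
        raise ValueError(f"invalid secret key: {key!r}")

    # Kubernetes projects each key as a symlink; is_file() follows it.
    path = Path(mount_dir) / key
    if path.is_file():
        value = path.read_text(encoding="utf-8")
        # Secrets created from files often end in a newline that is not
        # part of the credential; drop exactly one.
        if value.endswith("\n"):
            value = value[:-1]
        return value
    if key in environ:
        return environ[key]
    # Name the key in the error, never a value.
    raise SecretNotFound(f"secret {key!r} not found in {mount_dir} or environment")


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for the mounted volume, so the demo runs offline.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "key1").write_text("supersecret\n", encoding="utf-8")
        assert read_secret("key1", mount_dir=d, environ={}) == "supersecret"
        print("loaded key1 from", d)
```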
See the official Kubernetes documentation or run kubectl create secret generic --help for more details on creating and managing your secrets.