When running an application in a team namespace, Kubernetes Secrets can be used directly instead of Vault.
To get started using this, simply create the secrets. A secret can be either key-value pairs or files, and can be exposed to the application as environment variables or files.
Creating a secret
$ kubectl create secret generic my-secret --from-literal=key1=supersecret secret/my-secret created
The kubectl plugin kubectl-modify-secret is recommended if you need to modify the secret contents after creation.
my-secret as environment variables to the application by referring to it in
spec: envFrom: - secret: my-secret
That's it! When the application is running, the environment variable
key1 will have the value
Alternatively, if the secret should have their contents mounted into the containers as files:
spec: filesFrom: - secret: my-secret
The secret is then exposed under the path specified by
/var/run/secrets). For this example it is available at
See the official Kubernetes documentation or by running
kubectl create secret generic --help for more details on creating and managing your secrets.