Skip to content

Use a secret in your workload

This how-to guide shows you how to reference and use a secret in your workload.

A secret can be made available as environment variables or files, or both.

Prerequisites

  • You're part of a NAIS team
  • You have previously created a secret for your team
  • A Github repository where the NAIS team has access
  • The repository contains a valid workload manifest (nais.yaml)

Expose secret as environment variables

  1. Add a reference to the secret in the workload's nais.yaml manifest.

    For a secret named cool-cat, the manifest should contain these additional lines:

    nais.yaml
    spec:
      envFrom:
        - secret: cool-cat
    
  2. Commit and push the changes to version control, and deploy your workload as usual.

  3. Each key-value pair is now available in your workload's runtime as an environment variable.

    For example, for a key named SOME_KEY:

    SOME_KEY=some-value
    

Mount secret as files

  1. Add a reference to the secret in the workload's nais.yaml manifest.

    For a secret named cool-cat, the manifest should contain these additional lines:

    nais.yaml
     spec:
       filesFrom:
        - secret: cool-cat
          mountPath: /var/run/secrets/cool-cat
    
  2. Commit and push the changes to version control, and deploy your workload as usual.

  3. Each key-value pair is now available as a file in your workload the specified mount path, e.g:

    /var/run/secrets/cool-cat/
    

    For example, a key named some-key will be available as a file at the following path:

    /var/run/secrets/cool-cat/some-key