by corpMaverick 2996 days ago
Not included, but I would like to see how to inject secrets when running an image.
2 comments

Kubernetes has great built-in support for injecting secrets as either environment variables (like API keys) or volume mounts (for things like certs). You can configure them to be encrypted at rest as well.

https://kubernetes.io/docs/concepts/configuration/secret/

https://kubernetes.io/docs/tasks/administer-cluster/encrypt-...

One thing to watch there is that you have to be using a relatively recent version (1.9+ IIRC) to get encrypted at rest for secrets in base Kubernetes.

At image startup you mean? Or while the image is actively running?
If you use the file-based secrets (or configmap), they'll be updated when the underlying secrets are.

Obviously your code would have to handle using these new secrets and not just simply read the file at startup.
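
The reload behaviour described in the last comment, as an added example that is not part of the original thread: a reader that re-checks a mounted secret file on every use instead of caching it once at startup. The class name `MountedSecret`, the helper `demo_rotation`, the key name `api-key` and the directory names are assumptions; the demo builds a constructed temporary directory that imitates the symlink swap the kubelet uses to update a secret volume.

```python
import os
import tempfile
import threading


class MountedSecret:
    """Return the current value of a secret file, re-reading it when it changes."""

    def __init__(self, path):
        self.path = path
        self._lock = threading.Lock()
        self._sig = None
        self._value = None

    def _signature(self):
        # A secret volume is updated by atomically swapping a symlink, so the
        # resolved target and inode change on rotation even if the size does not.
        st = os.stat(self.path)  # follows symlinks
        return (os.path.realpath(self.path), st.st_ino, st.st_mtime_ns, st.st_size)

    def get(self):
        with self._lock:
            sig = self._signature()
            if sig != self._sig:  # first call, or the secret was rotated
                with open(self.path, "rb") as f:
                    self._value = f.read().rstrip(b"\n")
                self._sig = sig
            return self._value


def demo_rotation():
    """Constructed sample: imitate the volume layout and rotate the secret once."""
    root = tempfile.mkdtemp()

    def publish(version, value):
        os.mkdir(os.path.join(root, version))
        with open(os.path.join(root, version, "api-key"), "wb") as f:
            f.write(value)
        tmp = os.path.join(root, "..data_tmp")
        os.symlink(version, tmp)
        os.replace(tmp, os.path.join(root, "..data"))  # atomic swap

    publish("..v1", b"old-key\n")
    os.symlink(os.path.join("..data", "api-key"), os.path.join(root, "api-key"))
    secret = MountedSecret(os.path.join(root, "api-key"))
    before = secret.get()
    publish("..v2", b"new-key\n")
    return before, secret.get()


if __name__ == "__main__":
    print(demo_rotation())
```

Call `get()` at the point of use (for example, when opening a new connection) rather than storing its result in a long-lived variable.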