[jeffstephens]

Kubernetes has great built-in support for injecting secrets as either environment variables (like API keys) or volume mounts (for things like certs). You can configure them to be encrypted at rest as well.

https://kubernetes.io/docs/concepts/configuration/secret/

https://kubernetes.io/docs/tasks/administer-cluster/encrypt-...

[raesene9]

one thing to watch there is that you have to be using a relatively recent version (1.9+ IIRC) to get encrypted at rest for secrets in base Kubernetes