Search⌘ K
Home
Courses
Kubernetes in Practice

Mounting Secrets as Files

Explore how to mount Kubernetes Secrets as files within containers to manage sensitive data securely. Understand the differences between mounting secrets as files versus using environment variables, including potential security risks involved with environment variables exposing sensitive information during application errors or child process inheritance.

We'll cover the following...

Just like we did with ConfigMaps, we can also mount Secrets as files in our containers:

YAML
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hellok8s
spec:
  replicas: 2
  selector:
    matchLabels:
      app: hellok8s
  template:
    metadata:
      labels:
        app: hellok8s
    spec:
      volumes:
        - name: secrets
          secret:
            secretName: hellok8s-secret
      containers:
      - image: brianstorti/hellok8s:v4
        name: hellok8s-container
        volumeMounts:
          - name: secrets
            mountPath: /secrets

Run the code below, and see if it works.

apiVersion: v1
kind: Secret
metadata:
  name: hellok8s-secret
data:
  SECRET_MESSAGE: "SXQgd29ya3Mgd2l0aCBhIFNlY3JldAo="
Testing our application
R
kubectl apply -f deployment.yaml
kubectl apply -f hellok8s-secret.yaml
kubectl get pods
# NAME                        READY   STATUS    RESTARTS
# hellok8s-6696859cbd-72g9b   1/1     Running   0       
# hellok8s-6696859cbd-hbczd   1/1     Running   0       
# Replace the pod anme to what you have running locally
kubectl exec -it hellok8s-6696859cbd-72g9b -- \
cat /secrets/SECRET_MESSAGE
# It works with a Secret
...