Faraz

Reputation: 6265

Read secrets in Springboot deployed on Kubernetes

I have secrets configured in config/yaml file. There is one secret value that is causing trouble. I just want to print out the value being injected:

apiVersion: v1
kind: ConfigMap
metadata:
  name: myapplication-config
data:
  config.yaml: |
    'mysecret1': ${DB_PASSWORD}
    'mysecret2': ${ANOTHER_SECRET}

I make a GET request to the controller to print out the secret:

@Autowired
Environment env;

@GetMapping("/test")
public String print() {
  System.out.println(env.getProperty("mysecret2"));
  return "printed"; // the method is declared to return a String
}

When I print it, it throws an error:

Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'mysecret2' in value "${mysecret2}"
    at org.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:172)

Any idea how I can check the secrets sent to the application from config/env/dev/config.yaml?

Upvotes: 2

Views: 5028

Answers (2)

likejudo

Reputation: 3726

Perhaps an easier way to read the environment variable from the Kubernetes secret is using @Value in Spring Boot:

@GetMapping("")
public String alive(@Value("${ENCOURAGE_PASSWORD:default-secret}") String passwordFromSecret, @RequestParam(value = "password", defaultValue = "default-input") String passwordFromUser) {
    if(passwordFromSecret.equals(passwordFromUser)) {
        return greeting + " dear user. Thank you Jesus for I am alive, yay!" + " but now I am busy learning, so " + farewell;
    } else {
        return "No entry - you did not provide the password! You provided: " + passwordFromUser + " Next time :) say: " + passwordFromSecret;
    }
}

Here is how you would set the password ("open") in a secret and pass it on to Kubernetes:

$ kubectl create secret generic regenc-secret --from-literal=PASSWORD=open

$ k edit deployments.apps regular-encourager

        - name: ENCOURAGE_PASSWORD
          valueFrom:
            secretKeyRef:
              key: PASSWORD
              name: regenc-secret
              
$ k get secrets regenc-secret -o yaml

apiVersion: v1
data:
  PASSWORD: b3Blbg==
kind: Secret              

$ kubectl set env --from=secret/regenc-secret --prefix=ENCOURAGE_ deployment/regular-encourager

$ echo b3Blbg== | base64 -d
open

Verify the value in the environment in k8s by opening a shell:

$ k exec -it regular-encourager-cfbc859c5-nbb6w -- bash
root@regular-encourager-cfbc859c5-nbb6w:/app# env
FAREWELL_FROM_ENVIRONMENT_VARIABLE=Bon Voyage
ENCOURAGE_PASSWORD=open 

Now test it:

# curl  http://localhost:8080/?password=ope

No entry - you did not provide the password! You provided: ope Next time :) say :open

root@regular-encourager-cfbc859c5-nbb6w:/app# curl  http://localhost:8080/?password=open
HOLA! dear user. Thank you Jesus for I am alive, yay! but now I am busy learning, so Bon Voyage
root@regular-encourager-cfbc859c5-nbb6w:/app#

Upvotes: 1
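
The verification steps in the answer above decode the Secret and run env in the pod, which puts the value on the terminal. As an added example (not part of the original answer), the same comparison can report only a length and a short SHA-256 fingerprint; the function names are hypothetical, and the kubectl lines in the comment assume printenv exists in the image.

```shell
#!/bin/sh
# Added example: compare what the container sees with what the Secret stores,
# printing only a length and a short SHA-256 fingerprint, never the value.

# fingerprint VALUE -> first 12 hex digits of SHA-256(VALUE)
fingerprint() {
    printf '%s' "$1" | sha256sum | cut -c1-12
}

# describe VALUE -> "len=<n> sha256=<prefix>"
describe() {
    printf 'len=%s sha256=%s\n' "${#1}" "$(fingerprint "$1")"
}

# check_injected ENV_VALUE SECRET_B64
# Returns 0 on match, 1 on mismatch, 2 if ENV_VALUE is empty, 3 on bad base64.
check_injected() {
    env_value=$1
    [ -n "$env_value" ] || { echo "env:    unset or empty"; return 2; }
    # The trailing "x" sentinel preserves a final newline that $(...) would
    # strip; a Secret built with `echo open | base64` carries one.
    decoded=$(printf '%s' "$2" | base64 -d 2>/dev/null && printf x) || {
        echo "secret: data is not valid base64"; return 3; }
    decoded=${decoded%x}
    echo "env:    $(describe "$env_value")"
    echo "secret: $(describe "$decoded")"
    [ "$env_value" = "$decoded" ]
}

# Against a cluster (assumes printenv exists in the image):
#   check_injected \
#     "$(kubectl exec deploy/regular-encourager -- printenv ENCOURAGE_PASSWORD)" \
#     "$(kubectl get secret regenc-secret -o jsonpath='{.data.PASSWORD}')"

# Constructed sample input: b3Blbg== is the Secret data shown in the answer;
# b3Blbgo= is "open" plus a trailing newline.
check_injected "open" "b3Blbg==" && echo "result: match"
check_injected "open" "b3Blbgo=" || echo "result: mismatch"
```

A fingerprint of a short or guessable secret can be brute-forced, so treat the output as sensitive when the value is weak.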

Faraz

Reputation: 6265

I was able to read them through environment variable:

@Autowired 
private org.springframework.core.env.Environment env;

//inside some method
@GetMapping("/test")
public String print() {
  System.out.println(env.getProperty("mysecret2"));
  return "printed"; // the method is declared to return a String
}

I tried using the below, but that didn't work.

@Value("${mysecret2}")
private String mySecret2; //didn't work

....

System.getenv("mySecret2"); //didn't work
System.getProperty("mySecret2"); //didn't work

Upvotes: 2
