Koralkloud

Reputation: 444

Reading Secret from Google secret manager and pass as environment variable in Pod

I am storing secrets in Google Cloud Secret Manager in JSON format and need to read each key and pass the value as an environment variable. I have referred to various blogs but am not able to do so. In AWS, I was able to do it using JMESPATH; it would be great if someone could help me achieve the same.

{
"value-A": "abscd",
"value-B": "sdskdf"
}

I need to read Value-A and pass it as an environment variable, and similarly Value-B as an environment variable in the pod, so that I can read the values using ${value-A} and ${value-B}.

Upvotes: 0

Views: 142

Answers (2)

ralphyjade

Reputation: 197

I tried to replicate your setup by accessing the secret data in a Pod through a combination of a Volume and container environment variables, which gives the values that you needed.

Here are the steps:

  1. Create and apply a secret in JSON format as my-secret.json:
{
"value-A": "abscd",
"value-B": "sdskdf"
}
  2. Create and apply pod with this configuration:
apiVersion: v1
kind: Pod
metadata:
 name: secret-test-pod
spec:
 containers:
   - name: test-container
     image: nginx
     volumeMounts:
       # Mount the secret as a volume
       - name: secret-volume
         mountPath: /etc/secret-volume
         readOnly: true
     envFrom:
       # Inject the secret as environment variables
       - secretRef:
           name: my-secret
 volumes:
   - name: secret-volume
     secret:
       secretName: my-secret
  3. Get a shell into the Container that is running in your Pod:
# secret-test-pod is the Pod's metadata.name
kubectl exec -i -t secret-test-pod -- /bin/bash
  4. In your shell, display the contents of the value-A and value-B from JSON file:
# Run this in the shell inside the container
# /etc/secret-volume is where the secret-volume volume is mounted
cat /etc/secret-volume/value-A
cat /etc/secret-volume/value-B
  5. The output is your values-A & values-B only.

For alternative approaches, use the Secret Manager add-on for GKE.

Upvotes: 0

somethingsomething

Reputation: 2189

I highly doubt that's possible, I also don't see why you would want to do this, you have 2 much more maintainable options already:

  1. Store value-A and value-B in different secret fields
  2. Store the whole thing as a single json string in a secret and parse them with a json lib at runtime

Upvotes: 0
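The second option in the answer above (keep the whole JSON document as one secret and parse it at runtime), as an added example that is not code from the question or either answer. It assumes the payload has already been read into bytes (for example from a mounted file); the function names and the `VALUE_A`-style renaming are assumptions made here, chosen because a POSIX shell parses `${value-A}` as "`value`, defaulting to `A`", so hyphenated keys cannot be used as variable names directly.

```python
import json
import re

# Constructed sample: the JSON document from the question.
SAMPLE_PAYLOAD = b'{"value-A": "abscd", "value-B": "sdskdf"}'

_VALID_ENV = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def env_name(key: str) -> str:
    """Map a JSON key to a shell-safe variable name, e.g. value-A -> VALUE_A."""
    name = re.sub(r"[^A-Za-z0-9_]", "_", key).upper()
    if not _VALID_ENV.match(name):
        raise ValueError(f"cannot derive an environment variable name from {key!r}")
    return name


def secret_to_env(payload: bytes) -> dict:
    """Parse a JSON secret payload into {ENV_NAME: value}.

    Rejects non-object payloads, non-string values and keys that collide
    after renaming, so a malformed secret fails at startup instead of
    silently producing a partial environment.
    """
    doc = json.loads(payload)
    if not isinstance(doc, dict):
        raise ValueError("secret payload must be a JSON object")
    env = {}
    for key, value in doc.items():
        if not isinstance(value, str):
            raise ValueError(f"value for {key!r} is not a string")
        name = env_name(key)
        if name in env:
            raise ValueError(f"keys collide on {name}")
        env[name] = value
    return env


def child_environment(payload: bytes, base: dict) -> dict:
    """Base environment plus the parsed secret, for launching the workload.

    Refuses to let the secret override an existing variable such as PATH.
    """
    extra = secret_to_env(payload)
    clash = sorted(set(extra) & set(base))
    if clash:
        raise ValueError(f"secret would override existing variables: {clash}")
    return {**base, **extra}


if __name__ == "__main__":
    # Print variable names only; secret values are never logged.
    print(sorted(secret_to_env(SAMPLE_PAYLOAD)))
```

An entrypoint wrapper can pass the result of `child_environment(payload, dict(os.environ))` as the `env` argument of `subprocess.run` when starting the real process.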
