Accessing sensitive user credentials in entrypoint.sh of docker

9/26/2019

I am trying to create a few Airflow connections and executing the command in the entrypoint.sh file, which is passed as the entrypoint file in the Dockerfile. As these database credentials are very sensitive, is it possible to store them securely in Kubernetes or any other place on GCP and, based on local, staging or production, populate them in entrypoint.sh?

-- N. L
docker
docker-compose
docker-entrypoint
google-cloud-platform
kubernetes

1 Answer

9/26/2019

You can store them as a Kubernetes secret and mount them as environment variables that will be accessible by entrypoint.sh.

Remember that a Kubernetes secret just encodes the secret as base64; otherwise you can use sealed secrets.

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never
-- yogesh kunjir
Source: StackOverflow
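
An added example (not part of the answer above, and not the poster's or Airflow's own code): an entrypoint.sh that consumes SECRET_USERNAME and SECRET_PASSWORD from the Pod spec, fails closed if either is missing, and hands the credentials to Airflow through an AIRFLOW_CONN_<CONN_ID> environment variable instead of a command-line argument. The connection id app_db, the postgres scheme, and the DB_HOST and DB_NAME variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: entrypoint.sh consuming the Secret-backed variables from the Pod spec.
set -eu

require_env() {
  # Fail closed if the named variable is unset or empty; never print its value.
  eval "_v=\${$1:-}"
  if [ -z "$_v" ]; then
    echo "entrypoint: required variable $1 is not set" >&2
    unset _v
    return 1
  fi
  unset _v
}

urlencode() {
  # Percent-encode everything outside the RFC 3986 unreserved set (ASCII input assumed),
  # so characters such as '@', ':' or '/' in a password cannot break the URI.
  _s=$1 _out=
  while [ -n "$_s" ]; do
    _c=${_s%"${_s#?}"}   # first character of the remaining string
    _s=${_s#?}
    case $_c in
      [A-Za-z0-9._~-]) _out="$_out$_c" ;;
      *) _out="$_out$(printf '%%%02X' "'$_c")" ;;
    esac
  done
  printf '%s' "$_out"
}

build_conn_uri() {
  # $1 scheme, $2 user, $3 password, $4 host[:port], $5 database
  printf '%s://%s:%s@%s/%s' "$1" "$(urlencode "$2")" "$(urlencode "$3")" "$4" "$5"
}

main() {
  require_env SECRET_USERNAME
  require_env SECRET_PASSWORD
  # DB_HOST and DB_NAME are hypothetical non-secret settings (e.g. from a ConfigMap).
  AIRFLOW_CONN_APP_DB=$(build_conn_uri postgres "$SECRET_USERNAME" \
    "$SECRET_PASSWORD" "${DB_HOST:?DB_HOST not set}" "${DB_NAME:?DB_NAME not set}")
  export AIRFLOW_CONN_APP_DB   # Airflow resolves conn id "app_db" from this variable
  unset SECRET_USERNAME SECRET_PASSWORD
  exec "$@"                    # hand over to the container command
}

# Run only when the container passes a command (Dockerfile CMD / pod args).
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Because nothing is baked into the image, the same entrypoint works for local, staging and production as long as each environment supplies its own Secret.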