I am a beginner to Kubernetes. I have created a secret file and referred it in deployment yaml file.
app-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: app-secret
data:
username: YWRtaW4=
password: YWRtaW4=
deploy.yaml
env:
- name: DEPLOY_ENV
value: ${env}
- name: NAMESPACE_NAME
valueFrom:
fieldRef:
fieldPath : metadata.namespace
- name: APP_USERNAME
valueFrom:
secretKeyRef:
name: app-secret
key: username
- name: APP_PASSWORD
valueFrom:
secretKeyRef:
name: app-secret
key: passwordWhile using the command kubectl get secret pod-54rfxd -n dev-ns -o json, it is printing the username and password in encoded format only. When i query for the environment variables list using the command kubectl exec pod-54rfxd -n dev-ns -- printenv, it was giving below result.
APP_USERNAME=admin
APP_PASSWORD=adminWhy it was not in encoded format in environment variables. Could you please let me know the reason and is it possible to have it in encoded format?
Secret get stored with the base64 encoded format when you create the secret. hile adding or injecting the secret into the pod or deployment Kubernetes by default decode the secret with base64 so due to that you are getting the plain text from OS as environment variables.
there are some other option to encrypt at rest not encode.
https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets
https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengencryptingdata.htm
is it possible to have it in encoded format?
what you can do is to save the encoded .env file into secret and mount that file into the deployment path that .env file will be accessible to the application while content inside it will be encoded.
kubectl exec pod-54rfxd -n dev-ns -- printenv
this command only you can run maybe when you have admin permission of cluster otherwise not other can access inside the pod.