I have a mongo database and mongo-express running as Docker containers in Kubernetes Cluster. I have enabled mongo-express base authentication by assigning the username and the password to ME_CONFIG_BASICAUTH_USERNAME and ME_CONFIG_BASICAUTH_PASSWORD envs respectively, according to the documentation. https://github.com/mongo-express/mongo-express

After that the base authentication popup works and env credentials are validated correctly.

This approach - passing credentails as a plain text in mongo-express manifest file does not satisfy me. I would like to keep these sensitive credentials in secret Kubernetes object as base64 encoded strings.

The issue is that if I try to store mongo-express basic auth credentials in secret object this credentials are no longer valid so I cannot sign in to mongo-express UI.

I' am currently using secret values for example to storing mongodb credentials and there is no problem.

In mongo-express container the credentails are properly assigned to their envs. From the container point of view, the values ​​of the ME_CONFIG_BASICAUTH_USERNAME and ME_CONFIG_BASICAUTH_PASSWORD env variables are the same regardless of whether they were assigned from a secret or as a value in a mongo-express manifest.

I have reloaded secrets before the mongo-express deployment.

In short, if credentailes are passed as values ​​everything works fine, if as a secret, then sign in fails with no error.

Desired view for signed in users.

mongo-express manifest file:

# SERVICE
apiVersion: v1
kind: Service
metadata:
  name: mongo-express-service
  labels:
    app: mongo-express-service
spec:
  selector:
    app: mongo-express
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8081
---
# DEPLOYMENT
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongo-express-deployment
  labels:
    app: mongo-express-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mongo-express
  template:
    metadata:
      labels:
        app: mongo-express
    spec:
      containers:
        - name: mongo-express
          image: mongo-express
          ports:
            - containerPort: 8081
          env:
            - name: ME_CONFIG_MONGODB_ADMINUSERNAME
              valueFrom:
                secretKeyRef:
                  name: mongo-secret
                  key: mongo-root-username
            - name: ME_CONFIG_MONGODB_ADMINPASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongo-secret
                  key: mongo-root-password
            - name: ME_CONFIG_BASICAUTH_USERNAME
              # value: admin
              valueFrom:
                secretKeyRef:
                  name: mongo-secret
                  key: mongo-basic-auth-username
            - name: ME_CONFIG_BASICAUTH_PASSWORD
              # value: admin
              valueFrom:
                secretKeyRef:
                  name: mongo-secret
                  key: mongo-basic-auth-password
            - name: ME_CONFIG_MONGODB_SERVER
              valueFrom:
                configMapKeyRef:
                  name: mongo-config
                  key: mongo-server

mongo secret mainfest file:

# SECRET
apiVersion: v1
kind: Secret
metadata:
  name: mongo-secret
type: Opaque
data:
  mongo-root-username: XXXXXXXXXXXXXXXXXX
  mongo-root-password: XXXXXXXXXXXXXXXXXX
  mongo-basic-auth-username: YWRtaW4K
  mongo-basic-auth-password: YWRtaW4K