Mount secrets to pods in kubernetes and access them as environment variables

If you’re here, you probably already know the importance of secret management and you want to learn how it’s done in kubernetes or how to keep secrets separate from code, Helm values, and Git.

This page provides a masterclass on mounting secrets to a pod in Kubernetes and accessing them as environment variables in a container’s shell.

Follow along….

1. Create a minikube cluster.

minikube start

2. Create a test namespace.

kubectl create ns <name_of_the_namespace>

3. Create a secret.

kubectl create secret generic my-secret --from-literal=username=admin --from-literal=password=supersecret -n secret-mount

4. Check the secret contents

kubectl get secret -n secret-mount my-secret -oyaml

For easy copy and paste

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: YWRtaW4=  # base64 encoded "admin"
  password: c3VwZXJzZWNyZXQ=  # base64 encoded "supersecret"

6. Mount the secret to a pod

Pod configuration

apiVersion: v1
kind: Pod
metadata…