Skip to content

Launchers - Kubernetes - Implement hiding of secrets #104

Open
Open
Launchers - Kubernetes - Implement hiding of secrets#104
Assignees
Ark-kun
@Ark-kun

Description

@Ark-kun
Ark-kun
opened on Feb 22, 2026

Secret arguments should be turned into Kubernetes Secret resources.
(Kubernetes secrets are multi-key dictionaries. Should we use per-user or per-Secret objects?)

Secret in env consumed using inputValue:

https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data

    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: some-user
          key: username

Secret in command-line consumed using inputValue:

Use secret environment variable and Kubernetes env variable substitution
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#use-environment-variables-to-define-arguments
kubernetes/kubernetes#101137 (comment)

$(SECRET_ENV_NAME)

Secret consumed using inputPath:

https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume

spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
      items:
      - key: username
        path: secrets/my-username

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions