0
0
Kubernetesdevops~20 mins

Using Secrets as environment variables in Kubernetes - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Secrets Env Vars Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
2:00remaining
Output of Pod Environment Variable from Secret
Given the following Kubernetes Pod YAML snippet, what will be the output of the command echo $API_KEY inside the container?

Pod YAML snippet:
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: test-container
    image: busybox
    command: ["sh", "-c", "echo $API_KEY && sleep 3600"]
    env:
    - name: API_KEY
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: api_key
AThe value of 'api_key' stored in the 'mysecret' Secret
BAn empty string because environment variables cannot come from Secrets
CThe literal string '$API_KEY'
DA runtime error because the Secret is not mounted as a volume
Attempts:
2 left
💡 Hint
Secrets can be referenced as environment variables using valueFrom.secretKeyRef.
Configuration
intermediate
2:00remaining
Correct Secret Reference in Pod Spec
Which of the following environment variable configurations correctly injects the Secret key password from Secret db-secret into the container environment variable DB_PASS?
A
env:
- name: DB_PASS
  secretKeyRef:
    name: db-secret
    key: password
B
env:
- name: DB_PASS
  valueFrom:
    configMapKeyRef:
      name: db-secret
      key: password
C
env:
- name: DB_PASS
  value: db-secret:password
D
env:
- name: DB_PASS
  valueFrom:
    secretKeyRef:
      name: db-secret
      key: password
Attempts:
2 left
💡 Hint
Use valueFrom.secretKeyRef to reference Secrets in environment variables.
Troubleshoot
advanced
2:00remaining
Why is the Secret environment variable empty?
A developer created a Secret named app-secret with key token. The Pod YAML references it as an environment variable APP_TOKEN using valueFrom.secretKeyRef. However, inside the container, echo $APP_TOKEN prints an empty line. What is the most likely cause?
AThe Secret <code>app-secret</code> does not exist in the same namespace as the Pod
BThe container image does not support environment variables
CThe Pod spec must mount the Secret as a volume to use it as an environment variable
DThe key <code>token</code> is misspelled in the Secret data
Attempts:
2 left
💡 Hint
Secrets are namespace-scoped and must be in the same namespace as the Pod.
🔀 Workflow
advanced
2:00remaining
Steps to Update a Secret Used as Environment Variable
You updated the value of a Kubernetes Secret api-keys used as an environment variable in a running Pod. What is the correct workflow to apply the new Secret value so the Pod sees the updated environment variable?
AUpdate the Secret, then patch the Pod to reload environment variables automatically
BUpdate the Secret, then delete the Pod to let the controller recreate it with the new Secret value
CUpdate the Secret, then exec into the Pod and export the new environment variable manually
DUpdate the Secret, then restart the container inside the Pod without deleting the Pod
Attempts:
2 left
💡 Hint
Pods do not automatically reload environment variables from updated Secrets.
Best Practice
expert
2:00remaining
Secure Handling of Secrets as Environment Variables
Which practice is the most secure when using Kubernetes Secrets as environment variables in Pods?
AEmbed Secrets directly in Pod YAML files to avoid external dependencies
BStore Secrets in plain text ConfigMaps and reference them as environment variables
CUse Secrets for sensitive data and restrict RBAC permissions to limit Secret access
DUse environment variables for Secrets only in development, and hardcode them in production containers
Attempts:
2 left
💡 Hint
Kubernetes Secrets are designed for sensitive data and access control is important.