
How to Use Kubernetes Secret as Environment Variable

In Kubernetes, you can expose a Secret to a container as an environment variable by referencing it in the pod's container spec under env with valueFrom.secretKeyRef. Kubernetes reads the referenced key when the container starts and sets its value as the variable, so the secret does not have to be hard-coded in the pod manifest or image.

Syntax

To use a Kubernetes Secret as an environment variable, define it in the pod spec under containers.env using valueFrom.secretKeyRef. This tells Kubernetes to fetch the secret's value and set it as the environment variable.

  • name: The environment variable name inside the container.
  • valueFrom.secretKeyRef.name: The name of the Kubernetes Secret.
  • valueFrom.secretKeyRef.key: The specific key inside the Secret to use.
yaml
env:
  - name: SECRET_USERNAME
    valueFrom:
      secretKeyRef:
        name: my-secret
        key: username

Example

This example shows a pod that uses a Secret named my-secret to set environment variables SECRET_USERNAME and SECRET_PASSWORD inside the container.

yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
stringData:
  username: admin
  password: s3cr3t
---
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: app
    image: busybox
    # Demo only: `env` prints the secret values into the pod log
    command: ["sh", "-c", "env; sleep 3600"]
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: my-secret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: my-secret
          key: password
Output
SECRET_USERNAME=admin
SECRET_PASSWORD=s3cr3t
... (other environment variables)

Common Pitfalls

  • Not creating the Secret before the pod uses it causes pod startup failure.
  • Using the wrong Secret name or key results in environment variables being empty or pod errors.
  • Exposing secrets in logs or command output can leak sensitive data.
  • Forgetting to set the correct permissions on Secrets can lead to unauthorized access.
yaml
env:
  - name: SECRET_USERNAME
    valueFrom:
      secretKeyRef:
        name: wrong-secret-name  # Wrong secret name causes failure
        key: username

# Correct way:
env:
  - name: SECRET_USERNAME
    valueFrom:
      secretKeyRef:
        name: my-secret
        key: username
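
A pre-deployment check for the first two pitfalls above, as an added example that is not part of the original page: it takes a list of manifest objects in JSON form (such as the `items` of `kubectl get secret,pod -o json`; the sample input here is constructed) and reports every secretKeyRef that points at a missing Secret or key. The function name, the `API_TOKEN` variable and its `token` key are assumptions made for the illustration; `optional` is the existing secretKeyRef field that lets a container start with the variable unset.

```python
import json

# Constructed sample (not real cluster data): three refs, two of them broken.
MANIFESTS = json.loads("""[
 {"kind": "Secret", "metadata": {"name": "my-secret"},
  "stringData": {"username": "admin", "password": "s3cr3t"}},
 {"kind": "Pod", "metadata": {"name": "secret-env-pod"},
  "spec": {"containers": [{"name": "app", "env": [
    {"name": "SECRET_USERNAME", "valueFrom": {"secretKeyRef":
      {"name": "my-secret", "key": "username"}}},
    {"name": "SECRET_PASSWORD", "valueFrom": {"secretKeyRef":
      {"name": "wrong-secret-name", "key": "password"}}},
    {"name": "API_TOKEN", "valueFrom": {"secretKeyRef":
      {"name": "my-secret", "key": "token", "optional": true}}}
  ]}]}}
]""")


def check_secret_refs(objs):
    """Return (pod, container, env var, problem) for each unresolved secretKeyRef."""
    # Index Secrets by (namespace, name); keys may sit in data or stringData.
    secrets = {}
    for o in objs:
        if o.get("kind") == "Secret":
            md = o["metadata"]
            keys = set(o.get("data") or {}) | set(o.get("stringData") or {})
            secrets[(md.get("namespace", "default"), md["name"])] = keys
    findings = []
    for o in objs:
        if o.get("kind") != "Pod":
            continue
        ns = o["metadata"].get("namespace", "default")
        spec = o.get("spec", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for e in c.get("env", []):
                ref = (e.get("valueFrom") or {}).get("secretKeyRef")
                if not ref:
                    continue
                keys = secrets.get((ns, ref["name"]))
                if keys is None:
                    problem = f"Secret {ref['name']!r} not found"
                elif ref["key"] not in keys:
                    problem = f"key {ref['key']!r} not in Secret {ref['name']!r}"
                else:
                    continue
                if ref.get("optional"):
                    problem += " (optional: variable will be unset)"
                findings.append((o["metadata"]["name"], c["name"], e["name"], problem))
    return findings
```

Findings report only variable, Secret and key names, never the secret values, so the output is safe to keep in CI logs.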

Quick Reference

| Field | Description |
| --- | --- |
| env[].name | Name of the environment variable inside the container |
| env[].valueFrom.secretKeyRef.name | Name of the Kubernetes Secret |
| env[].valueFrom.secretKeyRef.key | Key inside the Secret to use as value |
| Secret type | Usually 'Opaque' for generic secrets |
| Secret creation | Use 'kubectl create secret' or YAML manifest |

Key Takeaways

  • Create the Kubernetes Secret before referencing it in pod environment variables.
  • Use 'valueFrom.secretKeyRef' in the pod spec to inject secret values as env variables.
  • Ensure the Secret name and key match exactly to avoid errors or empty values.
  • Avoid exposing secret values in logs or error messages to keep data safe.
  • Set proper RBAC permissions to control access to Secrets in your cluster.