- Experience with deploying applications on Kubernetes
Accessing your secrets in a production or CI/CD environment using the Doppler CLI requires a Service Token to provide read-only access to a specific config via the
DOPPLER_TOKEN environment variable.
If you're unable to alter your Docker image to use the Doppler CLI, this guide will show you how to use Doppler to create a Kubernetes secret to supply environment variables in your container.
We will create a secret in Kubernetes using a
secrets.env file as input.
kubectl create secret generic doppler-env-vars --from-env-file <(doppler secrets download --no-file --format docker)
Then describe the secret to ensure it was created successfully:
kubectl describe secret doppler-env-vars
--format dockerflag also flattens multi-line secrets due to limitations with
kubectl. If you have multi-line secrets, we suggest using the container mounted file option.
Let's create a Pod that will use the
doppler-env-vars secret to create an environment variable for every key defined in the secret's data. Save the below Pod spec as
apiVersion: v1 kind: Pod metadata: name: doppler-env-vars spec: restartPolicy: Never containers: - name: doppler-env-vars image: alpine args: ["printenv"] # Used for testing purposes only # Populates every key in the secret as an env var envFrom: - secretRef: name: doppler-env-vars
Create the Pod by running:
kubectl apply -f doppler-env-vars-pod.yaml
To confirm the environment variables were set correctly, view the container logs:
kubectl logs doppler-env-vars
You should see a list of environment variables printed containing your secrets.
To delete the Kubernetes Secret and Pod we created, run:
kubectl delete pod/doppler-env-vars secret/doppler-env-vars
Now you know how to use Doppler to create a Kubernetes secret to supply environment variables to your container. Keep reading to learn how to mount a Doppler created secrets file in Kubernetes.
Updated 5 months ago