Container Environment Variables

Doppler CLI synced Kubernetes secret as environment variables

Prerequites

  • Experience with deploying applications on Kubernetes

Service Token

Accessing your secrets in a production or CI/CD environment using the Doppler CLI requires a Service Token to provide read-only access to a specific config via the DOPPLER_TOKEN environment variable.

Installation

If you're unable to alter your Docker image to use the Doppler CLI, this guide will show you how to use Doppler to create a Kubernetes secret to supply environment variables in your container.

Create Kubernetes Secret

We will create a secret in Kubernetes using a secrets.env file as input.

kubectl create secret generic doppler-env-vars --from-env-file <(doppler secrets download --no-file --format docker)

Then describe the secret to ensure it was created successfully:

kubectl describe secret doppler-env-vars

πŸ“˜

The --format docker flag also flattens multi-line secrets due to limitations with kubectl. If you have multi-line secrets, we suggest using the container mounted file option.

Create Pod

Let's create a Pod that will use the doppler-env-vars secret to create an environment variable for every key defined in the secret's data. Save the below Pod spec as doppler-env-vars-pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: doppler-env-vars
spec:
  restartPolicy: Never
  containers:
    - name: doppler-env-vars
      image: alpine
      args: ["printenv"] # Used for testing purposes only
      # Populates every key in the secret as an env var
      envFrom:
        - secretRef:
            name: doppler-env-vars

Create the Pod by running:

kubectl apply -f doppler-env-vars-pod.yaml

To confirm the environment variables were set correctly, view the container logs:

kubectl logs doppler-env-vars

You should see a list of environment variables printed containing your secrets.

Cleaning up

To delete the Kubernetes Secret and Pod we created, run:

kubectl delete pod/doppler-env-vars secret/doppler-env-vars

πŸ‘

Awesome Work!

Now you know how to use Doppler to create a Kubernetes secret to supply environment variables to your container. Keep reading to learn how to mount a Doppler created secrets file in Kubernetes.


Did this page help you?