Documentation
SupportStatusCommunitySign Up
Start typing to search…

Mounted Container File (not recommended)

We no longer recommend mounting a .env file via a Doppler populated Kubernetes secret and instead, encourage you to use container environment variables where possible and only use mounted container files when necessary, e.g. TLS certificate.

❗️

Avoid Mounting an .env File

This guide was originally intended to help developers currently mounting a .env file inside their containers transition to Doppler as easily as possible.

But we've now taken a strong stance against using .env files in all cases so we no longer recommend this approach be taken.

Take a look at our documented alternatives:

If you're unsure of how to transition to using a non .env file solution for Kubernetes, reach out in the Doppler Community Forum or contact us at [email protected].

Prerequites

  • Experience with deploying applications on Kubernetes

Service Token

Accessing your secrets in a production or CI/CD environment using the Doppler CLI requires a Service Token to provide read-only access to a specific config via the DOPPLER_TOKEN environment variable.

Installation

If you're unable to alter your Docker image to use the Doppler CLI and your application requires a secrets or config file, this guide will show you how to use Doppler to create a Kubernetes secret to mount as a file inside your container.

Create Kubernetes Secret

For this example, we're mounting a .env file inside the container, although this approach works equally well for any file type.

kubectl create secret generic doppler-dotenv --from-literal dotenv="$(doppler secrets download --no-file --format env)"

Then describe the secret to ensure it was created successfully:

kubectl describe secret doppler-dotenv

Create Pod

Let's create a Pod that will use the doppler-dotenv secret to mount the .env file inside your container. Save the below Pod spec as doppler-dotenv-pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: doppler-dotenv
spec:
  restartPolicy: Never
  containers:
    - name: doppler-dotenv
      image: alpine
      # Cat the file for testing purposes only
      args: ["cat", "/usr/src/app/secrets/.env"]
      volumeMounts:
        - name: secret-volume
          readOnly: true
          mountPath: /usr/src/app/secrets
  volumes:
    - name: secret-volume
      secret:
        secretName: doppler-dotenv
        items:
          - key: dotenv
            path: .env

Create the Pod by running:

kubectl apply -f doppler-dotenv-pod.yaml

To confirm the .env file was mounted successfully, view the container logs:

kubectl logs doppler-dotenv

You should see the contents of the .env file as output in the logs.

Cleaning up

To delete the Kubernetes Secret and Pod we created, run:

kubectl delete pod/doppler-dotenv secret/doppler-dotenv
👍

Awesome Work!

Now you know to use Doppler to create a Kubernetes secret to mount as a file inside your container.

Updated 27 days ago