Pods should not use secrets stored in environment variables¶
Providing access to secrets via volume mounts is preferred. Any secrets stored in environment variables could be exposed if the environment is logged or otherwise exposed by an application.
Kubernetes Manifest (YAML)¶
apiVersion: v1 kind: Pod metadata: name: hello spec: containers: - name: hello image: busybox command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600'] volumeMounts: - name: hello mountPath: "/etc/hello" readOnly: true volumes: - name: hello secret: secretName: mysecret # other required fields here