top | item 37859022 (no title) 89vision | 2 years ago do you have any examples of more secure ways of injecting secrets? discuss order hn newest dharmab|2 years ago Check out the Secrets Operator for Kubernetes. Injects your secrets from a secrets store as a file mounted into your container. marwis|2 years ago And how is /var/run/secrets any more secure than env?I guess you avoid the risk of accidentally logging secrets with other env variables but otherwise it seems to be just as secure/insecure. load replies (2) 89vision|2 years ago how does the application pick it up? We use the built in secrets that are injected into the container as env vars and then the application picks it up that way. Not trying to sound combative, just looking for better ways to do things. load replies (1)
dharmab|2 years ago Check out the Secrets Operator for Kubernetes. Injects your secrets from a secrets store as a file mounted into your container. marwis|2 years ago And how is /var/run/secrets any more secure than env?I guess you avoid the risk of accidentally logging secrets with other env variables but otherwise it seems to be just as secure/insecure. load replies (2) 89vision|2 years ago how does the application pick it up? We use the built in secrets that are injected into the container as env vars and then the application picks it up that way. Not trying to sound combative, just looking for better ways to do things. load replies (1)
marwis|2 years ago And how is /var/run/secrets any more secure than env?I guess you avoid the risk of accidentally logging secrets with other env variables but otherwise it seems to be just as secure/insecure. load replies (2)
89vision|2 years ago how does the application pick it up? We use the built in secrets that are injected into the container as env vars and then the application picks it up that way. Not trying to sound combative, just looking for better ways to do things. load replies (1)
dharmab|2 years ago
marwis|2 years ago
I guess you avoid the risk of accidentally logging secrets with other env variables but otherwise it seems to be just as secure/insecure.
89vision|2 years ago