Launchers - Kubernetes - Implement hiding of secrets #104

@Ark-kun

Secret arguments should be turned into Kubernetes Secret resources.
(Kubernetes secrets are multi-key dictionaries. Should we use per-user or per-Secret objects?)

Secret in env consumed using inputValue:

https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data

    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: some-user
          key: username

Secret in command-line consumed using inputValue:

Use secret environment variable and Kubernetes env variable substitution
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#use-environment-variables-to-define-arguments
kubernetes/kubernetes#101137 (comment)

    $(SECRET_ENV_NAME)

Secret consumed using inputPath:

https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume

    spec:
      containers:
      - name: mypod
        image: redis
        volumeMounts:
        - name: foo
          mountPath: "/etc/foo"
          readOnly: true
      volumes:
      - name: foo
        secret:
          secretName: mysecret
          items:
          - key: username
            path: secrets/my-username
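
An added example, not part of the original issue or the launcher's own code: one way a launcher could translate secret arguments into the three pod-spec forms listed above, so that the pod spec carries only references to Secret keys. The function names, the placeholder tuples, the `SECRET_` prefix and the `/tmp/secrets` mount root are assumptions.

```python
import re

def env_name(arg_name):
    # Hypothetical naming rule: SECRET_ prefix plus a sanitized argument name.
    return "SECRET_" + re.sub(r"[^A-Za-z0-9_]", "_", arg_name).upper()

def build_container(image, command, secret_refs):
    """command: literals or ("inputValue" | "inputPath", arg_name) placeholders.
    secret_refs: arg_name -> (Secret name, key). Returns (container, volumes)."""
    env, mounts, volumes, argv = [], [], [], []
    for part in command:
        if isinstance(part, str):
            # Kubernetes expands $(NAME) in command/args; "$$(" keeps it literal.
            argv.append(part.replace("$(", "$$("))
            continue
        kind, arg = part
        secret_name, key = secret_refs[arg]
        if kind == "inputValue":
            var = env_name(arg)
            if all(e["name"] != var for e in env):
                env.append({"name": var, "valueFrom": {
                    "secretKeyRef": {"name": secret_name, "key": key}}})
            argv.append("$(%s)" % var)  # resolved by the kubelet at start
        elif kind == "inputPath":
            vol = "secret-%d" % len(volumes)
            mount = "/tmp/secrets/" + vol  # assumed mount root
            volumes.append({"name": vol, "secret": {
                "secretName": secret_name,
                "items": [{"key": key, "path": "data"}]}})
            mounts.append({"name": vol, "mountPath": mount, "readOnly": True})
            argv.append(mount + "/data")
        else:
            raise ValueError("unknown placeholder kind: %r" % kind)
    container = {"name": "main", "image": image, "command": argv,
                 "env": env, "volumeMounts": mounts}
    return container, volumes

if __name__ == "__main__":
    import json
    # Constructed sample: Secret names and keys reuse those in the issue's YAML.
    container, volumes = build_container(
        "redis",
        ["app", "--user", ("inputValue", "username"),
         "--password-file", ("inputPath", "password")],
        {"username": ("some-user", "username"),
         "password": ("mysecret", "password")})
    print(json.dumps({"containers": [container], "volumes": volumes}, indent=2))
```

In the `inputValue` command-line form the value stays out of the pod spec, but after expansion it is part of the container process's argument list; the `inputPath` form avoids that.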
