Open venom90 opened 3 years ago
This is perhaps a bug in sealed secrets, as the docs mention: https://kubernetes.io/docs/concepts/configuration/secret/#consuming-secret-values-from-environment-variables
Inside a container that consumes a secret in the environment variables, the secret keys appear as normal environment variables containing the base64 decoded values of the secret data. This is the result of commands executed inside the container from the example above:
secretKeyRef
is expected to supply the decoded value to the container.
Hello Team,
I'm trying to encrypt HASURA_GRAPHQL_ADMIN_SECRET and HASURA_GRAPHQL_DATABASE_URL using Kubernetes sealed secrets.
Following is my k8s secret: hasura.secrets.yaml
Then I converted my secrets to encrypted format using kubeseal
It generated following sealed secret:
Once I deploy this sealed secret it is creating k8s secret in the cluster. The problem is sealed secret is now converting the encrypted data into base64 instead of plain text.
I'm using it in deployment.yaml like following:
Since the secret is now in base64 Hasura GraphQL engine is failing to start. Is there a way to somehow convert the base64 string into plain text or pass base64 as it is to these environment variables and Hasura engine converts into plain text?