Hardcoding sensitive data—passwords, API keys, and certificates—in application code creates security risks and makes credential rotation difficult. Kubernetes Secrets (K8s Secrets) let you decouple sensitive data from your application code and inject it into containers at runtime. This topic describes how to inject a K8s Secret from an SAE namespace into a container.
Prerequisites
Before you begin, ensure that you have:
A K8s Secret created in the target namespace. For more information, see Manage and use secrets (K8s Secret)
Inject a Secret
The steps for injecting a Secret differ depending on whether you are creating a new application or updating an existing one. Follow the procedure for your scenario.
Create an application
Log on to the SAE console. In the left-side navigation pane, choose Applications > Applications. In the top navigation bar, select a region and a namespace from the Namespace drop-down list, and then click Create Application.
Complete the Basic Information section, and then click Next: Advanced Settings.
Expand the Secret area and configure the parameters. For details, see Configure Secret parameters.
Modify a running application
After you redeploy an application, the application is restarted. To prevent unpredictable errors such as business interruptions, we recommend that you deploy applications during off-peak hours.
Log on to the SAE console. In the left-side navigation pane, choose Applications > Applications. In the top navigation bar, select a region and a namespace from the Namespace drop-down list, and then click the application name.
On the Basic Information page, expand the Secret area and configure the parameters. For details, see Configure Secret parameters.
Click Deploy Application.
Modify a stopped application
Log on to the SAE console. In the left-side navigation pane, choose Applications > Applications. In the top navigation bar, select a region and a namespace from the Namespace drop-down list, and then click the application name.
On the Basic Information page, click Modify Application Configurations.
Expand the Secret area and configure the parameters. For details, see Configure Secret parameters.
Configure Secret parameters
To create a Secret without leaving this page, click Create a Secret in the Secret area. Alternatively, create one in advance on the Namespaces page.
In the Secret area, click +Add and configure the following fields:
| Field | Description |
|---|---|
| The name of the secret | Select the Secret to inject from the drop-down list. |
| Key | Select the key from the Secret to mount. To mount all keys, select All. This mounts all keys from the secret to the specified path. |
| Mount Path | Enter the container path where the Secret is mounted. |
