kubernetes environment-variables docker-volume kubernetes-security kubernetes-secrets

Kubernetes Secrets Volumes vs Environment Variables

Is there a recommended way to use Kubernetes Secrets? They can be exposed as environment variables or using a volume mount. Is one more secure than the other?

Solution

https://www.oreilly.com/library/view/velocity-conference-2017/9781491985335/video316233.html

Kubernetes secrets exposed by environment variables may be able to be enumerated on the host via /proc/. If this is the case it's probably safer to load them via volume mounts.

Openshift: unable to validate against any security > context constraint
Is possible to pass environment variables to yml manifests while running a Github Action?
Kubernetes: Unable to create replicaSet: error: no objects passed to create
How to access kind control plane port from another docker container?
Multi-Attach error for volume <pvcname> Volume is already exclusively attached to one node and can't be attached to another
How to use git-sync image as a sidecar in kubernetes that git pulls periodically
Manage resources generated by other resources
How to override default chart values in terraform using helm provider?
Minikube "icacls failed applying permissions "
Kubectl error : [memcache.go:265] couldn't get current server API group list
kubectl logs deploy/my-deployment does not show logs from all pods
Kubernetes worker node is NotReady due to CNI plugin not initialized
Couldn't proceed with upgrade process as new nodes are not joining node group standard-workers
Conflicting NetworkPolicies in kubernetes
Why does my GKE cluster not show any events?
Kubernetes NFS Persistent Volumes - multiple claims on same volume? Claim stuck in pending?
Encountering connection problems with PostgreSQL when using psycopg2 on a port that has been forwarded
The connection to the server localhost:8080 was refused
GKE gateway API: Control open ports on default firewall rule
How to use Kubernetes secret object stringData to store base64 encoded privateKey
K8s cluster deployment error: nc: bad address 'xx'
Ingress path redirection, helm chart
fluentd with OpenSearch - where does the @timestamp field come from?
How can I keep a container running on Kubernetes?
kubectl logs displays only 'API server listening at: [::]:40000' when remote debugging with dlv is enabled - How do I get my logs back?
failed calling webhook "vingress.elbv2.k8s.aws"
Kubernetes - Frontend pod can't reach backend pod
How to access Kubernetes API when using minkube?
What is Difference between KubernetesManifest@0 and KubernetesManifest@1 in Yaml pipeline?
kube-prometheus-stack issue scraping metrics