kubernetes environment-variables docker-volume kubernetes-security kubernetes-secrets

Kubernetes Secrets Volumes vs Environment Variables

Is there a recommended way to use Kubernetes Secrets? They can be exposed as environment variables or using a volume mount. Is one more secure than the other?

Solution

https://www.oreilly.com/library/view/velocity-conference-2017/9781491985335/video316233.html

Kubernetes secrets exposed by environment variables may be able to be enumerated on the host via /proc/. If this is the case it's probably safer to load them via volume mounts.

kubeadm v1.7.2 hostname "" could not be reached
At least one invalid signature was encountered
Kubectl - List only namespaces a user can access
Deploying sites on Kubernetes pods and deployment not showing
Kubernetes resources
How to delete an API resource in Kubernetes?
how to connect a kubernetes pod to the outside world without a forwarding rule (google container engine)
Get IP addresses of all k8s pods from within a container
How to sign in kubernetes dashboard?
how to setup nginx ingress with http proxy
Kubernetes HPA won't scale up even when the used memory is more than the average memory limit specified
Manage terminationGracePeriodSeconds over 600 seconds
Spring Cloud Kubernetes ConfigMap reload not working
How to pull source codes from TFS for building images in openshift pipeline
How can I resolve “server gave HTTP response to HTTPS client”
Why can't I attach a service type ClusterIP to Ingress on GKE?
Not able to completely remove Kubernetes CustomResource
Does periodSeconds in Kubernetes probe configuration count from the last probe time or the last response/failure time?
How to run Nextjs Backend with NextAuth alongside Keycloak in Local Kubernetes
Apply Prisma Migrations to Multiple Environments with Kubernetes
startup exception for aspnet core worker docker container attempting to set secret from env variable in Kubernetes
KerberosAuthException in Argo for using PySpark
How to avoid platform based NoSuchFileException when using java.nio.file.Paths?
RBAC: roles with multiple namespaces
is it possible to shrink the spaces of io.containerd.snapshotter.v1.overlayfs folder in kubernetes
Kubectl error: memcache.go:265] couldn’t get current server API group list: Get
Can I use helm for fire and forget k8s Jobs?
How to add swap memory in kubernetes pods?
AKS Network Policy Manager vs Azure Cilium Network Policies
Docker login on ECR fails with 400 Bad Request on Powershell from Jenkins