Kubernetes Secrets

Kubernetes Secrets are a good way to deliver sensitive data to the applications running in the cluster. SchemaHero supports reading parameters from secrets, using a syntax that's familiar to anyone who's written Kubernetes pods specs before.

To set up a connection to a postgres database using a connection URI stored in a secret:

apiVersion: databases.schemahero.io/v1alpha4
kind: Database
metadata:
  name: my-pg
  namespace: namespace
spec:
  connection:
    postgres:
      uri:
        valueFrom:
          secretKeyRef:
            name: postgres
            key: uri

The above custom resource assumes that a postgres secret with a uri key was already deployed, like this:

apiVersion: v1
kind: Secret
metadata:
  name: postgres
data:
  uri: cG9zdGdyZXM6Ly9zY2hlbWFoZXJvOnBhc3N3b3JkQHBvc3RncmVzOjU0MzIvZ2l0aHVi