Kubernetes Secrets
Kubernetes Secrets are a good way to deliver sensitive data to the applications running in the cluster. SchemaHero supports reading parameters from secrets, using a syntax that's familiar to anyone who's written Kubernetes pods specs before.
To set up a connection to a postgres database using a connection URI stored in a secret:
apiVersion: databases.schemahero.io/v1alpha4
kind: Database
metadata:
name: my-pg
namespace: namespace
spec:
connection:
postgres:
uri:
valueFrom:
secretKeyRef:
name: postgres
key: uri
The above custom resource assumes that a postgres secret with a uri key was already deployed, like this:
apiVersion: v1
kind: Secret
metadata:
name: postgres
data:
uri: cG9zdGdyZXM6Ly9zY2hlbWFoZXJvOnBhc3N3b3JkQHBvc3RncmVzOjU0MzIvZ2l0aHVi