I have created a secret in Kubernetes and mounted it in a volume, so part of the yaml file looks like this:

```yaml
volumeMounts:
  - name: test-key
    readOnly: true
    mountPath: /opt/key
```

Then the secret itself contains:

[image: contents of the secret]

My problem comes when trying to retrieve it in Spring. How am I supposed to do it? What I've tried so far is setting `spring.datasource.private-key=${PRIVATE_KEY}` in application.properties, but it's not working. It gives me a placeholder error:

```
Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'spring.datasource.private-key' in value "${spring.datasource.private-key}"
```

Any idea what I'm doing wrong?

UPDATE:

This is the way that I'm reading the secret in Spring, but it still gives me the same error related to the placeholder when deploying:

```java
@Value("${spring.datasource.private-key}")
private String privateKey;

@Bean
public PrivateKey getPrivateKeyFromEnvironmentVariable() throws IOException, NoSuchAlgorithmException {
    List<String> activeProfiles = Arrays.asList(environment.getActiveProfiles());

    String key;
    if (activeProfiles.contains(LOCAL_ENVIRONMENT_NAME)) {
        key = resourceUtil.asString(LOCAL_PRIVATE_KEY_RESOURCE_PATH);
    } else if (activeProfiles.contains(TEST_ENVIRONMENT_NAME)) {
        key = generatePrivateKey();
    } else {
        //key = System.getenv(PRIVATE_KEY_ENVIRONMENT_VARIABLE_NAME);
        key = privateKey;
    }
    // ... (the rest of the method is cut off in the post)
}
```

DiegoMG

1 Answer

> I have created a secret in Kubernetes and mounted it in a volume.

But Spring Boot expects an environment variable for `PRIVATE_KEY`. So only binding will not help.

So I would suggest creating the secret:

```yaml
apiVersion: v1
data:
  private_key: YWRtaW4=
kind: Secret
metadata:
  name: mysecret
type: Opaque
```

Now reference this secret and set it as an environment variable so Spring Boot can understand it.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: busybox
    command: ["env"]
    env:
      - name: PRIVATE_KEY
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: private_key
```

If you run this, there will be an env variable named `PRIVATE_KEY` with the value `admin`, which is base64 `YWRtaW4=` in the secret file.

Adiii
  • Hello Adiii, so how can I change my code to read it from the properties? – DiegoMG Aug 23 '22 at 10:26
  • you do not really need to manage anything, just `spring.datasource.private-key=${PRIVATE_KEY}` and it will read from env i.e `PRIVATE_KEY` – Adiii Aug 23 '22 at 10:27
  • so make sure to set `PRIVATE_KEY` in the environment variable – Adiii Aug 23 '22 at 10:27
  • Ok. And what's the difference between the envFrom and the env in the yaml? How do I read the envFrom, if it's possible? – DiegoMG Aug 23 '22 at 10:35
  • envFrom is reading the secret, while the plain env is the same as a kind of bash export – Adiii Aug 23 '22 at 11:16
  • There are two manifests: one creates the secret, and the second manifest reads the value from the first manifest, which creates the secret named `mysecret` – Adiii Aug 23 '22 at 11:17
  • Ok thank you! Still not working. I've updated the question – DiegoMG Aug 23 '22 at 11:54
  • you need to update deployment, better to post the manifest – Adiii Aug 23 '22 at 12:42
  • as it is already defined in the property file, you need to get it from the property, not from env https://stackoverflow.com/questions/30528255/how-to-access-a-value-defined-in-the-application-properties-file-in-spring-boot – Adiii Aug 23 '22 at 12:43
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/247485/discussion-between-diegomg-and-adiii). – DiegoMG Aug 23 '22 at 14:06
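
A secret mounted as a volume appears as one file per key under the `mountPath`, so the key can also be read straight from `/opt/key` and only fall back to the `PRIVATE_KEY` environment variable. The following is an added example, not code from the question or the answer; the class name `MountedKeyLoader`, the file name `private_key` (taken from the answer's Secret), the RSA algorithm and the unencrypted PKCS#8 PEM format are assumptions.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class MountedKeyLoader {
    // Assumed location: the question's mountPath plus the answer's key name `private_key`.
    static final Path KEY_FILE = Path.of("/opt/key/private_key");
    static final String ENV_NAME = "PRIVATE_KEY";

    /** PEM text from the mounted file if it is readable, otherwise from the environment. */
    static String readPem(Path file, String envName) throws java.io.IOException {
        if (Files.isReadable(file)) {
            return Files.readString(file);
        }
        String fromEnv = System.getenv(envName);
        if (fromEnv == null || fromEnv.isBlank()) {
            throw new IllegalStateException(file + " is not readable and " + envName
                    + " is not set; check volumeMounts and env in the pod spec");
        }
        return fromEnv;
    }

    /** Parses an unencrypted PKCS#8 PEM ("BEGIN PRIVATE KEY"); RSA is an assumption. */
    static PrivateKey parsePkcs8Pem(String pem) throws GeneralSecurityException {
        String body = pem.replaceAll("-----(BEGIN|END) PRIVATE KEY-----", "")
                         .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        Path file = KEY_FILE;
        if (!Files.isReadable(file) && System.getenv(ENV_NAME) == null) {
            // Outside a pod: write a throwaway, constructed key to a temp file as a stand-in.
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(2048);
            byte[] der = gen.generateKeyPair().getPrivate().getEncoded();
            String pem = "-----BEGIN PRIVATE KEY-----\n"
                    + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der)
                    + "\n-----END PRIVATE KEY-----\n";
            file = Files.writeString(Files.createTempFile("private_key", ".pem"), pem);
            file.toFile().deleteOnExit();
        }
        PrivateKey key = parsePkcs8Pem(readPem(file, ENV_NAME));
        // Log only non-sensitive metadata, never the key material.
        System.out.println("Loaded " + key.getAlgorithm() + " key in " + key.getFormat());
    }
}
```

Failing at startup with a message that names both sources makes a missing mount or an unset variable visible immediately, instead of surfacing later as an unresolved placeholder.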