Replies: 1 comment 3 replies
-
Doesn't Rails secrets offer effectively the same functionality as this? (in an encrypted file and not affecting environment variable limits) Or are you deploying a non-Rails application? |
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I've been pondering a migration from cloud Kubernetes (deploys using krane) to mrsk.
A feature we use with k8s is mounting some secrets as files in the container rather than as environment variables.
In k8s, you can create a
volume
sourced from the key-value pairs of a k8s secret. Then you can mount that volume in the container's filesystem, and each item in that secret appears as a file.Now every entry in the k8s secret
my-file-secrets
appears as a read-only file in/opt/run/secrets
. Nice!The most immediate benefit here is being able to run
env
and get legible output, and evenenv | sort
. Mostly useful for debugging, of course.The more important benefit is that there's a size limit to environment variables:
The general concept would be similar to
.env.erb
where data is generated at deployment time and then available in the running container, so it wouldn't even be specific to secrets.Does this make sense for mrsk and secret/generated data?
Beta Was this translation helpful? Give feedback.
All reactions