Example Secret:
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
name: my-k8s-secret
spec:
backendType: gcpSecretsManager
projectId: my-project
data:
- key: my-cluster-my-secret
version: latest
name: SECRET_KEY
property: SECRET_KEY
Example Pod using the secret:
apiVersion: v1
kind: Pod
metadata:
name: secret-test-pod
spec:
containers:
- name: test-container
image: k8s.gcr.io/busybox
command: [ "/bin/sh", "-c", "env" ]
envFrom:
- secretRef:
name: my-k8s-secret
Create the secret:
echo '{ "SECRET_KEY": "here is a value", "ANOTHER_KEY": "here is another value" }' | gcloud beta secrets create my-cluster-my-secret --data-file=- --replication-policy=user-managed --locations=us-central1
Access the secret value:
gcloud beta secrets versions access latest --secret=my-cluster-my-secret
Update a secret (create a new version and set it latest):
echo '{ "SECRET_KEY": "here is a different value", "ANOTHER_KEY": here is another value", "NEW_KEY": "here is a new value" }' | gcloud beta secrets versions add my-cluster-my-secret --data-file=-
Delete a secret:
gcloud beta secrets delete my-cluster-my-secret