Applications are built to run in multiple environments: development, staging, prod, etc... These environments typically run the same code, but very often they require environment-specific configurations. For example, your application might need different passwords to access your database in staging or production, or you might want to use different Twilio API keys for different environments.
Application configuration should be passed at deployment time, not harcoded in your code. This way you can modify each environment’s configuration in isolation, while also preventing secure credentials from being stored in version control or worse, in Docker images.
Okteto Secrets allows you to save application configuration in Okteto Cloud, and automatically inject them during deployment time.
Manage Okteto Secrets from the Okteto Cloud UI
You can create and delete your Okteto Secrets from the
Secrets tab in the namespace view of the Okteto Cloud UI:
To create a new secret, click on the
Add Secret button, and provide a name and a value. The value will be masked once the secret is created.
To delete an existing secret, click on the Delete button on the right. You'll have to confirm your choice before the secret is deleted. Deleted secrets can't be recovered, so be careful when doing this.
Accessing Okteto Secrets from your Application
Okteto Secrets are automatically injected to every application you deploy in the namespace as environment variables.
Okteto Secrets take precedence over existing environment variables defined in your manifests. For example, if you define an environment variable with the name
PASSWORD in your deployment manifest, and you also create an Okteto Secret with the name
PASSWORD, the value for the
PASSWORD environment variable will be taken from the Okteto Secret.
Here's an example of how you can configure your application to work on different environments using Okteto Secrets.
Step 1: Deploy the Sample App
Get a local version of the Sample App by executing the following commands:
$ git clone https://github.com/okteto/secrets-getting-started$ cd secrets-getting-started
k8s.yml file contains the Kubernetes manifests of the Sample App. Deploy the application by executing:
$ kubectl apply -f k8s.yml
deployment.apps "hello-world" createdservice "hello-world" created
Open your browser and go to the URL of the application. You can get the URL by logging into Okteto Cloud and clicking on the application's endpoint:
The application returns a beautiful
Hello Tom! message 😀. The name comes from the value of the
HELLO_WORLD_USER environment variable, which is defined in the
k8s.yaml Kubernetes manifest:
containers:- image: okteto/hello-world:secretsname: hello-worldenv:- name: HELLO_WORLD_USERvalue: Tom
Step 2: Create the HELLO_WORLD_USER Okteto Secret
Go to the
Secrets tab in the namespace view of the Okteto Cloud UI. Click the
Add Secret button and define the
HELLO_WORLD_USER secret with your name:
Step 3: Redeploy the Sample App
Redeploy the Sample App to get your Okteto Secret by executing:
$ kubectl rollout restart deployment/hello-world
When the application is redeployed, Okteto Cloud will automatically inject your Okteto Secrets. Wait a couple of seconds for the application to finish redeploying, go back to the browser and refresh the page to see the new
Hello Cindy! message.