0

I have a node.js application which is accessing environment variables like so:

const pool = mysql.createPool({
  host: process.env.MYSQL_HOST,
  user: process.env.MYSQL_USER,
  port: process.env.MYSQL_PORT,
  password: process.env.MYSQL_PASSWORD,
  database: process.env.MYSQL_DB
});

The deployment is done via Kubernetes. Some of the environment variables, such as MYSQL_HOST, MYSQL_DB are set in plain form, the MYSQL_PASSWORD, however, is set via a secret. And the problem is that the regular environment variables are read by my node.js application just fine while the MYSQL_PASSWORD is not. But the problem is that when I try to see the value of MYSQL_PASSWORD in the list of the environment variables in the container - it shows the correct value.

Here's how the environment variable in question is set in the deployment yaml:

- name: MYSQL_PASSWORD
  valueFrom:
      secretKeyRef:
         key: MYSQL_PASSWORD
         name: config-secret

And again - the value is visible when I run the env command in the container, but for some reason the node.js application doesn't pick it up.

Does anybody have any clue why my app would read the regular environment variables without issues but fails to read the ones set as secrets?

Thanks.

Improve this question
2
  • Can you share how you have created the secret and referred it in the deployment? Commented Oct 26, 2020 at 11:43
  • How did you add the other env variables? Is it using ConfigMaps or some other mechanism? Commented Oct 26, 2020 at 14:04

3 Answers 3

Reset to default
2

The key should be the once you used in your secret. For example, if you have:

kubectl create secret generic config-secret --from-literal=username=user --from-literal=password=pw

You should use it as follows:

- name: MYSQL_PASSWORD
  valueFrom:
    secretKeyRef:
      name: config-secret
      key: password

Note that the key is not the same as the env variable name. It should be the one used to set the secret's key.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, @Maroun, but that's exactly how it's currently set. The key in the secret is also MYSQL_PASSWORD. And when I do echo $MYSQL_PASSWORD in the container - it shows the correct value. But for some reason the node.js app doesn't pick it up.
0

Check if you have encoded the password value correctly. Sometimes, you encode "space" or "newline" character with the password as well and you end up having the wrong password.

Use btoa() and atob() functions to encrypt and decrypt the password.

Improve this answer

Comments

0

Probably there is some problem in your base 64 encoding, expecially in padding characters "=", see this Why does a base64 encoded string have an = sign at the end As an example both the strings "QUJDREVGRw==" and "QUJDREVGRw" are decoded in "ABCDEFG" but kubernetes is susceptible: the fisrt is correct, the latter will result in a error!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.