Secret Injection Patterns
How to inject secrets into applications.
Secret Injection Patterns
How to inject secrets into applications.
Environment variables
The platform does not currently ship a Kubernetes-native valueFrom provider.
SDK-based injection
Fetch secrets at startup using the Vault SDK and populate process env variables in your application.
File-based injection
For Kubernetes-native file injection, prefer integrating via External Secrets Operator (webhook provider) and syncing into a Kubernetes Secret.
SDK injection
Node.js
// Use the Vault SDK and store returned secret material in env/config
// (example shape depends on how you store your secret payload)
Non-TypeScript SDK examples are not provided in this repo.
Best practices
- Never log secrets
- Use short TTLs
- Rotate on deployment
- Audit access