https://helm.sh/

Concat a string and a secret to build an env variable in a helm template

How to concatenate a secret value with a string to build an env variable to package in a helm template

We currently use kubernetes (v 1.6.3) to host our apps. When deploying a symfony 3.4 app, I needed to define the DATABASE_URL env.

The DATABASE_URL store typically a string like db_motor://db_user:db_password@host:port/db_name

This env variable is obviously a highly sensible information so it needs to be stored as a secret.

However, since secrets must be base 64 encoded, a string like db_motor://db_user:db_password@host:port/db_name does not work.

The most important information is the db_password.

Let’s set up a deployment with a file of env variables to declare.

Let’s say we need to define these few env below:

First we create our secret with helm to store the bd password.

Next, we include in our deployment the env file we are going to define.

Finally, we create a web.env file.

In it, we can store the secret in an env variable DATABASE_PASSWORD.

Then we can use this newly defined env to create a more complex env with other values.

{ name: DATABASE_URL, value: “{{ printf “%s://%s:$(DATABASE_PASSWORD)@%s:%s/%s” .Values.web.app.db.motor .Values.web.app.db.user .Values.web.app.db.host .Values.web.app.db.port .Values.web.app.db.name }}”}

We can use our defined non secret values along with the env that’s gonna contain our secret.

The container will hold its env variable including this DATABASE_URL which will read: db_motor://db_user:$(DATABASE_PASSWORD)@host:port/db_name

From now on, when doing an echo $DATABASE_URL in a pod, the env DATABASE_PASSWORD will be computed as db_motor://db_user:db_password@host:port/db_name

The only drawback is that there is an additionnal env variable to store the secret value.