Can we consume secrets (stored as environment variables) from one container to another with the same namespace, container name?

I have two different YAML files: one is a deployment config which is consuming secrets from one safe with its respective role and exporting them as environment variables into a specific path (using annotations), and there's a cron job which is also consuming secrets, but from another safe with another role, with the same details as the deployment config (consider the cron as a baby container of the actual container); the secrets have the same path as well. How can I point my cron to fetch the other secret from the parent container?

Thank you in advance for your time!

If you are looking to pass an environment variable from the Docker/container host to a container running on that host and set an environment variable in the container, you can use --env or -e.

You can see an example in this tutorial:

Docker reference:

Hello Jonathan,
Thank you for your time, but unfortunately this wouldn't work for us.

But is there any way to connect an init container inside a pod to Vault directly without using annotations (use the JWT token to get authenticated and then retrieve secrets)?

The whole point is to connect to two different safes with two different roles; the pod already has annotations to connect to one safe, but I'm trying to connect the init container to Vault directly to fetch secrets from the other safe.

If you are running these on Kubernetes (jumped to an assumption based on the use of the word pods) then you should be able to configure the Kubernetes auth method. That will allow a pod to connect to Vault.

You can see an example of using that auth method in this tutorial:

You are right, we are using the Kubernetes auth method. The pod is already connected to Vault using annotations and is retrieving the secrets from one safe, but I'm wondering if an init container can connect to Vault independently of the pod and retrieve secrets from another safe with another role?

I can't say I have tried personally with an init container, but I would expect it to work - at its core it's a container being spun up, but terminates at the conclusion of its task.

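The setup discussed in this thread, as an added example that is not from the original posts: the agent injector annotations serve the first safe to the main container under one role, while an init container logs in to Vault's Kubernetes auth method with the pod's own service account JWT under a second role and hands the second safe to the main container through an in-memory emptyDir. The Vault address, role names, secret paths, image names and namespace are assumed placeholders; for this to work, the second role must be bound to the same service account and namespace in Vault's Kubernetes auth configuration.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo                       # assumed namespace
  annotations:
    # Agent injector: first safe, first role, delivered to the main container.
    vault.hashicorp.com/agent-inject: "true"
    vault.hashicorp.com/role: "role-a"
    vault.hashicorp.com/agent-inject-secret-config: "secret/data/safe-a/app"
spec:
  serviceAccountName: app-sa            # both roles must be bound to this SA
  volumes:
    - name: second-safe
      emptyDir:
        medium: Memory                  # tmpfs: fetched secret never touches disk
  initContainers:
    - name: fetch-second-safe
      image: curlimages/curl:8.5.0      # any image with curl and sh
      env:
        - name: VAULT_ADDR
          value: "https://vault.example.internal:8200"   # placeholder
      volumeMounts:
        - name: second-safe
          mountPath: /vault/second
      command: ["sh", "-c"]
      args:
        - |
          set -eu
          JWT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
          # Kubernetes auth login with the pod's SA token, but as the second role.
          TOKEN=$(curl -sSf -X POST "$VAULT_ADDR/v1/auth/kubernetes/login" \
            -d "{\"jwt\":\"$JWT\",\"role\":\"role-b\"}" \
            | sed -n 's/.*"client_token":"\([^"]*\)".*/\1/p')
          [ -n "$TOKEN" ] || { echo "login as role-b failed" >&2; exit 1; }
          # Read the second safe (KV v2) and leave it on the shared tmpfs volume.
          curl -sSf -H "X-Vault-Token: $TOKEN" \
            "$VAULT_ADDR/v1/secret/data/safe-b/app" > /vault/second/secret.json
  containers:
    - name: app
      image: registry.example.internal/app:1.0        # placeholder image
      volumeMounts:
        - name: second-safe
          mountPath: /vault/second
          readOnly: true                # main container only reads the result
```

The init container's Vault token is discarded when it exits; only the secret payload under /vault/second reaches the main container, so keep the role-b policy limited to that one path.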