Load Vault Secrets as Env Variable

We know that Vault secrets can be used as env variables using the appropriate annotation in the pod ( export {{ …)

This requires sourcing these files during runtime. This is possible when we have our own containers.

However, in our case, we do have 3rd party containers via helm chart and modifying these standard containers is not quite straightforward.

Any suggestions, how to deal with this issue.


Does the application use a text file json or yaml where it can read the secrets from? If so you can use consul-template to generate the file from the init-container so that when that pod starts it can read the secrets from that file.