Kubernetes Operator not Properly injecting Secrets

When running an app, all the secrets are not properly set up.

I have a:
DOPPLER_SECRETS_FILE= …
where … is a string of all my env vars.
Like this:

DOPPLER_SECRETS_FILE=API_BASE_URL="http://localhost:3000"

My deployment has:

        envFrom:
        - secretRef:
            name: auth-service-secrets

and DopplerSecret CRD looks like:

  apiVersion: secrets.doppler.com/v1alpha1
  kind: DopplerSecret
  metadata:
    name: auth-secrets
    namespace: dev
  spec:
    managedSecret:
      name: auth-service-secrets
    project: auth
    config: dev
    tokenSecret:
      name: doppler-token-secret
    format: env
    resyncSeconds: 60  # Default is 60 seconds

and I am using the “recommended” operator deployment manifest.

I don’t do anything funky with envs in my auth-service container, just a godotenv.load, which I have tried removing.

Any tips?

Resolved:
remove format key

Hi @Sammy_Roberts!

Welcome to the Doppler Community!

I see you sorted this out on your own! The format key causes the secrets to be synced to a single environment variable called DOPPLER_SECRETS_FILE and then you’re meant to be mounting that as a file something like this:

...
    spec:
      containers:
        - name: dotnet-webapp
          volumeMounts:
            - name: doppler
              mountPath: /usr/src/app/secrets 
              readOnly: true
      volumes:
        - name: doppler
          secret:
            secretName: dotnet-webapp-appsettings  # Managed secret name
            optional: false
            items:
              - key: DOPPLER_SECRETS_FILE # Hard-coded by Operator when format specified
                path: appsettings.json # Name or path to file name appended to container mountPath

If you just want the secrets to get injected into the environment using envFrom, then you don’t want to use the download format key as you discovered!
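The mismatch resolved in this thread can be caught before deploying by comparing the DopplerSecret with the workload that consumes its managed secret. The check below is an added example, not code from either poster or from Doppler; the manifests are constructed to mirror the ones in the question, and the container name `auth-service` and the helper names are assumptions.

```python
FILE_KEY = "DOPPLER_SECRETS_FILE"  # single key the Operator writes when format is set (per the thread)

def check_consumption(doppler_secret, deployment):
    """Compare a DopplerSecret with the Deployment that consumes its managed secret."""
    spec = doppler_secret["spec"]
    managed = spec["managedSecret"]["name"]
    fmt = spec.get("format")
    pod = deployment["spec"]["template"]["spec"]
    findings = []
    for c in pod.get("containers", []):
        for src in c.get("envFrom", []):
            # envFrom expects one secret key per variable; format collapses them into one
            if (src.get("secretRef") or {}).get("name") == managed and fmt:
                findings.append(
                    f"container {c['name']}: envFrom {managed} with format={fmt}; "
                    f"only {FILE_KEY} will be set, not the individual secrets")
    for vol in pod.get("volumes", []):
        sec = vol.get("secret") or {}
        if sec.get("secretName") != managed:
            continue
        wants_file = any(i.get("key") == FILE_KEY for i in sec.get("items", []))
        if wants_file and not fmt:
            findings.append(
                f"volume {vol['name']}: mounts key {FILE_KEY} but format is unset; "
                "that key will not exist in the managed secret")
    return findings

def doppler_secret(fmt=None):
    # Constructed object mirroring the DopplerSecret from the question
    spec = {"managedSecret": {"name": "auth-service-secrets"}, "project": "auth",
            "config": "dev", "tokenSecret": {"name": "doppler-token-secret"}}
    if fmt:
        spec["format"] = fmt
    return {"kind": "DopplerSecret", "spec": spec}

def deployment(env_from=False, file_mount=False):
    # Constructed Deployment; the container name "auth-service" is an assumption
    container = {"name": "auth-service"}
    pod = {"containers": [container]}
    if env_from:
        container["envFrom"] = [{"secretRef": {"name": "auth-service-secrets"}}]
    if file_mount:
        pod["volumes"] = [{"name": "doppler", "secret": {
            "secretName": "auth-service-secrets",
            "items": [{"key": FILE_KEY, "path": ".env"}]}}]
    return {"kind": "Deployment", "spec": {"template": {"spec": pod}}}

if __name__ == "__main__":
    for finding in check_consumption(doppler_secret("env"), deployment(env_from=True)):
        print(finding)
```

To run it against a live cluster, pass in the objects as returned by `kubectl get ... -o json` after `json.load`.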