Skip to main content
May 17, 2025
Question

k8s x local env - complicated secrets workflow

  • May 17, 2025
  • 0 replies
  • 26 views

Hi,

Currently, in our dev/local environment, we load our secrets by providing a "op.env" file and let 1P CLI load the secrets in the file to the app's environment variables.

The example command would be: op run --env-file="./op.env" -- deno run index.js

It works normally as expected.

We're planning to bring it to prod on our k8s cluster. This makes things complicated as per OP's docs, using the operator requires us to load the variables from the deployment yaml file.

env:
          - name: DB_USERNAME
            value: op://my-vault/my-item/sql/username
          - name: DB_PASSWORD
            value: op://my-vault/my-item/sql/password

 

This makes things complicated as we're going to add/modify/delete 2 times on our local environment (op.env) and the kubernetes yaml.

Is there anyway of improving this workflow or are there better ways on deploying on k8s & local env easily?