Add a Kubernetes secret

Abstract

Learn how to add or extend a KeyVault secret.

Your Sitecore Managed Cloud configuration is provided by environment variables that refer to Kubernetes secrets (secretRef). Sensitive data is stored in Azure Key Vault and mounted to the Kubernetes secret through the Secrets Store CSI driver.


You might want to create a new secret, for example, to pass sensitive values for your container service through the environment variable.

To add or extend a secret:

  1. Add a secret to Azure KeyVault.

  2. Go to /src/templates/ansible/roles/sitecore-{topology}/templates/ and in the secrets.yaml file, go to the spec.parameters.objects section and add the new secrets reference:

    array:
      - |
        objectName: {keyName of secret in Azure KeyVault}
        objectType: secret
    

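    To add a new secret, add an entry to spec.secretObjects:

    - data:
        - key: {name of the kubernetes secret key}
          objectName: {keyName of secret in Azure KeyVault}
      # secretName and type belong to the secretObjects entry, at the same level as data
      secretName: {name of the Kubernetes secret}
      type: Opaque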
    

    To extend a secret in spec.secretObjects, find the entry with the {secretName} you want to extend and add the new key to its data list:

    - data:
        - key: {name of the kubernetes secret key}
          objectName: {keyName of secret in Azure KeyVault}
      # existing entry: secretName and type stay as they are
      secretName: {name of the Kubernetes secret}
      type: Opaque
    
  3. Add a Sitecore Pod environment variable that points to the new secret. For example, use Kustomize to deploy the YAML file.

  4. Run the application pipeline to apply the changes.

  5. Restart the pod.
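
The steps above wired together end to end, as an added example that is not part of the Sitecore templates. All secret, key, variable, Deployment, container and file names are constructed placeholders, and the patch assumes a Kustomize version that supports the `patches` field.

```yaml
# --- secrets.yaml (SecretProviderClass excerpt; all names are constructed) ---
spec:
  parameters:
    objects: |
      array:
        - |
          objectName: my-service-api-key   # secret name in Azure Key Vault
          objectType: secret
  secretObjects:
    - data:
        - key: api-key                     # key inside the Kubernetes secret
          objectName: my-service-api-key   # must match an objectName listed above
      secretName: my-service-secrets       # Kubernetes secret the driver creates
      type: Opaque
---
# --- patch-cm-env.yaml (Kustomize strategic merge patch; placeholder names) ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cm                                 # placeholder: the Deployment to patch
spec:
  template:
    spec:
      containers:
        - name: cm-container               # placeholder: must match the existing container name
          env:
            - name: MY_SERVICE_API_KEY     # variable the container service reads
              valueFrom:
                secretKeyRef:
                  name: my-service-secrets # secretName from secrets.yaml
                  key: api-key             # key from secrets.yaml
---
# --- kustomization.yaml (excerpt) ---
patches:
  - path: patch-cm-env.yaml
```

The Secrets Store CSI driver creates the Kubernetes secret only while a pod mounts the CSI volume, and a container reads its environment variables once at start, so a running pod does not see the new value until it is restarted.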