Add a Kubernetes secret

Add a secret to Azure KeyVault.

In the Application repository, go to roles/sitecore-{topology}/templates/ and in the secrets.yaml file, go to the spec.parameters.objects section and add the new secrets reference:

array:
  - |
    objectName: {keyName of secret in Azure KeyVault}
    objectType: secret

To add a new secret, add:

- data:
  - key: {name of the kubernetes secret key}
    objectName: {keyName of secret in Azure KeyVault}
    secretName: {name of the Kubernetes secret}
    type: Opaque

To extend a secret from spec.secretObjects, find the appropriate {secretName} that you want to extend:

- data:
  - key: {name of the kubernetes secret key}
    objectName: {keyName of secret in Azure KeyVault}
    secretName: {name of the Kubernetes secret}
    type: Opaque

When the new secret has been added to the Azure KeyVault and the secrets.yaml file, you can use it as a reference in the AKS deployment/pod configuration. Here is an example of asecret configuration:

In the secrets.yaml’ there is a secret called sitecore-hostname with the keys id and cm:

- data:    
    - key: id      
      objectName: sitecore-id-host-name    
    - key: cm      
      objectName: sitecore-cm-host-name    
      secretName: sitecore-hostname

This secret is used by the id.yaml deployment overlay in /roles/sitecore-{topology}/overlays/id.yaml:

- name: SITECORE_HOSTNAME_ID   
  valueFrom:     
   secretKeyRef:       
    key: id       
    name: sitecore-hostname

To add secrets to other deployments, follow the same procedure.

Run the application pipeline to apply the changes.