Using a Kubernetes Secret with a Configuration Variables Template
A Kubernetes Secret is an object that contains a small piece of confidential data such as credentials. The Secret is separate from a Docker container image, meaning the confidential data can be externalized. You can use a Kubernetes Secret with Microservices Runtime by specifying the key for the Secret in the configuration variables file that is passed into a Microservices Runtime running in a Docker container.
Microservices Runtime supports one Secret per container, and only Secrets of type Opaque. Each Secret can contain multiple entries, often called keys.
Prior to using a Secret with a configuration variables file (application.properties), you must do the following:
* Create the Secret with Kubernetes
* Mount the Secret as a data volume
To use a Kubernetes Secret for a property value in a configuration variables file, set the key-value pair for the asset property using the following format:
key=$secret{SecretName}
Where the SecretName is the key for the secret whose value you want to use. For example:
truststore.DEFAULT_JVM_TRUSTSTORE.ksPassword=$secret{TruststorePasswordSecretName}
user.userName.password=$secret{mySecretPassword}
When you start the container, you can set the SECRET_PATH environment variable to the path where the Secret will be present inside the container. You do not need to specify this environment variable if the Secret is mounted at /etc/secrets.
When Microservices Runtime applies the configuration variables file, Microservices Runtime looks for the location of the Secret by first checking if the SECRET_PATH environment variable is present. If so, then Microservices Runtime reads the Secret from the path present in this environment variable. If the SECRET_PATH environment variable was not provided when the container started, then Microservices Runtime expects the Secret will be mounted at /etc/secrets and will read the Secret from there.
If Microservices Runtime cannot find the Secret used in the configuration variables file (the Secret is not present or access to the file is restricted due to file permissions), the following Info level message will be written to the configurationvariables.log:
[ISS.0028.0039I] Exception occurred while reading secret file: <pathToFile>
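Because a Secret that cannot be read is reported only at Info level, a check before the runtime starts helps catch a missing or unreadable key. The following is an added example, not code from the product or its documentation: it resolves the Secret directory the way described above (SECRET_PATH, else /etc/secrets) and reports every $secret{...} reference that has no readable file. It assumes the standard Kubernetes behaviour of mounting each Secret key as a file named after the key; the function names and the sample properties text are constructed for illustration.

```python
import os
import re
from pathlib import Path

DEFAULT_SECRET_PATH = "/etc/secrets"          # default mount point per the guide
SECRET_REF = re.compile(r"\$secret\{([^}]+)\}")

# Constructed sample input, reusing the two property names shown above.
SAMPLE_PROPERTIES = """\
# constructed sample application.properties
truststore.DEFAULT_JVM_TRUSTSTORE.ksPassword=$secret{TruststorePasswordSecretName}
user.userName.password=$secret{mySecretPassword}
example.placeholder.property=plain-value
"""

def secret_dir(env):
    """SECRET_PATH wins when set; otherwise fall back to /etc/secrets."""
    return Path(env.get("SECRET_PATH") or DEFAULT_SECRET_PATH)

def find_secret_refs(properties_text):
    """Map property name -> Secret key for every $secret{...} value."""
    refs = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        match = SECRET_REF.fullmatch(value.strip())
        if match:
            refs[name.strip()] = match.group(1)
    return refs

def check_secrets(properties_text, env):
    """List (property, path, problem) for keys that have no readable file."""
    problems = []
    for prop, key in find_secret_refs(properties_text).items():
        path = secret_dir(env) / key   # assumption: one file per key in the mount
        if not path.is_file():
            problems.append((prop, str(path), "missing"))
        elif not os.access(path, os.R_OK):
            problems.append((prop, str(path), "unreadable"))
    return problems

if __name__ == "__main__":
    for prop, path, problem in check_secrets(SAMPLE_PROPERTIES, os.environ):
        print(f"{prop}: {path} is {problem}")
```

Run it with the same environment and user as the container process, so the permission check reflects what the runtime will see.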