Kubernetes
Practical
By Samson Tanimawo, PhD
Published Apr 4, 2026
4 min read
Secret as Volume vs Env Var
Two ways to inject secrets. The trade-offs.
Live workflow · 3 working · 1 queuedLive
Signal · gather Working
Decide · pick action Working
Apply · with verify Working
Learn · update playbook Queued
Volume mount
Files in /etc/secret. Updated when secret changes.
Pod doesn't restart on update.
Env var
Set at start. Pod restart needed to update.
Visible in process listing.
Decide
Vol for rotation-friendly. Env for pre-secret-management apps.
Most modern: vol.