Platform Feature

Secure Environment Variables and Secrets

Configure runtime settings and inject secrets safely without exposing them in git repositories.

The Problem

Hardcoding database passwords, API tokens, and credentials in git repositories leads to security breaches.

The Kubeletto Solution

Store variables securely in Kubeletto's encrypted secrets database, and inject them into container pods at startup.

Key Benefits & Workflow

Why Developers Prefer It

  • Encrypted at rest: secrets are secured using AES-256 encryption.
  • No downtime updates: updating environment variables triggers a clean rolling update.
  • CLI secrets synchronization.

How It Works

  1. 1

    Navigate to the Environment tab in the console.

  2. 2

    Add key-value pairs (e.g., DATABASE_URL = postgres://...).

  3. 3

    Click save, and Kubeletto performs a rolling deploy with the new variables.

Under the Hood

Variables are stored in an encrypted database. Upon deployment, they are injected as environment keys into the container runtime sandbox via Kubernetes Secrets.

Managed container orchestration layer.

CLI Secret Injection
kubeletto env set STRIPE_API_KEY=sk_test_12345 --app billing-service

Frequently Asked Questions

Are secrets exposed in build logs?

No. Kubeletto automatically filters and masks secret values from all build and runtime logs.

Can I inject env files?

Yes, the CLI supports uploading variables from standard `.env` files directly.