Secure Environment Variables and Secrets
Configure runtime settings and inject secrets safely without exposing them in git repositories.
The Problem
Hardcoding database passwords, API tokens, and credentials in git repositories leads to security breaches.
The Kubeletto Solution
Store variables securely in Kubeletto's encrypted secrets database, and inject them into container pods at startup.
Key Benefits & Workflow
Why Developers Prefer It
- Encrypted at rest: secrets are secured using AES-256 encryption.
- No downtime updates: updating environment variables triggers a clean rolling update.
- CLI secrets synchronization.
How It Works
- 1
Navigate to the Environment tab in the console.
- 2
Add key-value pairs (e.g., DATABASE_URL = postgres://...).
- 3
Click save, and Kubeletto performs a rolling deploy with the new variables.
Under the Hood
Variables are stored in an encrypted database. Upon deployment, they are injected as environment keys into the container runtime sandbox via Kubernetes Secrets.
Managed container orchestration layer.
kubeletto env set STRIPE_API_KEY=sk_test_12345 --app billing-service Frequently Asked Questions
Are secrets exposed in build logs?
No. Kubeletto automatically filters and masks secret values from all build and runtime logs.
Can I inject env files?
Yes, the CLI supports uploading variables from standard `.env` files directly.