apiVersion: v1 kind: ConfigMap metadata: name: secrets-init data: initialize-secrets.py: | #!/usr/bin/python import os import sys for f in sys.argv[1:]: with open(f"/config/{f}") as r: c = r.read() for k, v in os.environ.items(): if not k.startswith("SECRET_"): continue if v is not None: c = c.replace(k, v) print("replaced", k) if os.getenv("DEBUG_PRINT_SECRETS_IN_PLAINTEXT") == "i promise to rotate the secrets after I do this": print(c) with open(f"/data/{f}", 'w') as w: w.write(c)