Secrets
Smart tests can access secrets that are automatically injected into managed job runner group pods as environment variables.
Note
This feature is only supported in Signadot Operator >= v1.2.0.
Automatic Secret Injection
Any Kubernetes Secret found in the signadot namespace with the
signadot.com/managed-jrg-inject: "true" label will be automatically injected
into managed job runner group pods as environment variables.
Environment Variable Naming
Secrets are converted to environment variables using the following naming convention:
- Format:
{SECRET_NAME}_{SECRET_KEY} - All characters are converted to uppercase
- Invalid characters (non-alphanumeric except underscores) are replaced with underscores
- Multiple consecutive underscores are collapsed to a single underscore
- Leading and trailing underscores are removed
- If the resulting name doesn't start with a letter, digit, or underscore, a leading underscore is added
Examples
| Secret Name | Secret Key | Environment Variable Name |
|---|---|---|
api-keys | github-token | API_KEYS_GITHUB_TOKEN |
db-config | password | DB_CONFIG_PASSWORD |
my-secret | api_key | MY_SECRET_API_KEY |
test-secret | key-with-dashes | TEST_SECRET_KEY_WITH_DASHES |
Usage in Smart Tests
Once secrets are injected as environment variables, you can access them in your smart tests using:
secretValue = runtime.getenv("SECRET_NAME_KEY_NAME");
Example
If you have a secret named service-1 with a key token, you can access it in
your smart test like this:
token = runtime.getenv("SERVICE_1_TOKEN");
res = http.get(
url="https://external.service1.com/api/v1/products",
headers={"signadot-api-key": token},
capture=True,
name="getProducts"
)