Nutanix
portal.nutanix.com › page › documents › solutions › details
Creating a Secret for PostgreSQL Authentication
We cannot provide a description for this page right now
CloudyTuts
cloudytuts.com › guides › kubernetes › how-to-deploy-postgress-kubernetes
How to Deploy Postgres on Kubernetes - CloudyTuts
September 8, 2020 - However, due to their sensitive ... resource named postgres for storing a superuser username and password, use the kubectl create secret command....
PostgreSQL In Kubernetes cannot use DEFAULT_USER from secret but can from value - Stack Overflow
I just can't figure out why it is working the way it is. If I use POSTGRES_PASSWORD with hardcoded value in environment it works use POSTGRES_PASSWORD from a secret with valueFrom: secretKeyRef: it More on stackoverflow.com
config map vs secret to store credentials for Postgres deployment
What happened: When I tried to reference credentials stored in a secret's values to Postgres - it didn't worked properly. create a secret apiVersion: v1 kind: Secret metadata: name: postgre... More on github.com
3
October 25, 2018postgresql - Problem with postgres in kubernetes when using password in configMap or secret - Stack Overflow
tnx for your answer. but I passed the password in the ... parts. and when I pass it directly through docker environment it works (but not works through kuber config map or secret). I think its kubernetes related problem and not related to postgres image (imagine kubernetes starts the container ... More on stackoverflow.com
Secret Management in Kubernetes with HashiCorp Vault and Dynamic PostgreSQL Credentials - Vault - HashiCorp Discuss
Our setup includes a Kubernetes ... managed database user credentials, integrating them into our services via Kubernetes secrets. In my recent implementation, I explored generating PostgreSQL ...... More on discuss.hashicorp.com
0
February 21, 2024Videos
How to Store Secrets in Kubernetes with NEXTJS + POSTGRES
16:53
Secure PostgreSQL on Kubernetes - Philippe Scorsolini - YouTube
15:37
Vault on Kubernetes with PostgreSQL - YouTube
Use Vault to Store, Secure and Rotate Kubernetes PSQL ...
How to deploy PostgreSQL Database on Kubernetes Cluster ...
How to run a basic PostGreSQL in Kubernetes!
Kubernetes
kubernetes.io › docs › concepts › configuration › secret
Secrets | Kubernetes
March 17, 2026 - Kubernetes Secrets are, by default, stored unencrypted in the API server's underlying data store (etcd). Anyone with API access can retrieve or modify a Secret, and so can anyone with access to etcd.
Stack Overflow
stackoverflow.com › questions › 76376793 › postgresql-in-kubernetes-cannot-use-default-user-from-secret-but-can-from-value
PostgreSQL In Kubernetes cannot use DEFAULT_USER from secret but can from value - Stack Overflow
use POSTGRES_PASSWORD from a secret with valueFrom: secretKeyRef: it works
GitHub
github.com › kubernetes › kubernetes › issues › 70241
config map vs secret to store credentials for Postgres deployment · Issue #70241 · kubernetes/kubernetes
October 25, 2018 - apiVersion: v1 kind: Secret metadata: name: postgres-secret type: Opaque data: POSTGRES_DB: dGVzdAo= # test POSTGRES_USER: dGVzdAo= # test POSTGRES_PASSWORD: dGVzdAo= # test
Author AndriiOmelianenko
Earthly
earthly.dev › blog › kubernetes-secrets
An Introduction to Kubernetes Secrets - Earthly Blog
July 19, 2023 - The secret postgres-secret holds the credentials needed to access the PostgreSQL server, so you will use that secret as an environment variable to configure a statefulSet to deploy a PostgreSQL database.
GitHub
github.com › docker-library › postgres › discussions › 1189
POSTGRES_USER env var can't be set using kubernetes secrets · docker-library/postgres · Discussion #1189
env: - name: POSTGRES_USER valueFrom: secretKeyRef: name: nextcloud-postgres key: username - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: nextcloud-postgres key: password
Author docker-library
Secretless
secretless.io › tutorials › kubernetes › sec-admin.html
Using Secretless in Kubernetes · Secretless
Products used: Kubernetes Secrets, PostgreSQL Service Connector · Before We Begin · Overview · Steps for Security Admin · Steps for Application Developer · Appendix - Secretless Deployment Manifest Explained · back continue · Want to learn more?
Medium
medium.com › @xcoulon › managing-pod-configuration-using-configmaps-and-secrets-in-kubernetes-93a2de9449be
Managing Pod configuration using ConfigMaps and Secrets in Kubernetes | by Xavier Coulon | Medium
November 28, 2017 - Now, we can adapt our database’s Deployment manifest to fetch the settings from the database-secret-config Secret, using the valueFrom/secretKeyRef reference: As we’ve seen in the previous article, once the database Deployment object has been created from the manifest above, we can see the Pod a in runningstate: $ kubectl create -f templates/database-deployment.yml deployment "postgres" created$ kubectl get all NAME READY STATUS RESTARTS AGE po/postgres-3585693371-xnzjv 1/1 Running 0 5sNAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE svc/postgres 10.0.0.191 <none> 5432/TCP 7dNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE deploy/postgres 1 1 1 1 5sNAME DESIRED CURRENT READY AGE rs/postgres-3585693371 1 1 1 5s
Medium
medium.com › @jakkanirakshith15 › kubernetes-centralized-secret-management-using-hashicorp-vault-postgresql-and-external-secret-84f01a2f4ae1
Kubernetes — Centralized Secret Management using Hashicorp-Vault, PostgreSQL, and External Secret Operator | by Rakshith Jakkani | Medium
August 22, 2024 - When your vautl server goes down, you want to launch again with the data that was present in previous vault, simply you just have to configure your previous backend, so that your vault server will launched with previous data that is present in backend. In this blog, we will be using PostgreSQL as a backend. External secret Operator(ESO): ESO is a kubernetes operator which is used to get the secrets from vault server and pass that secret to kubernetes pod.
HashiCorp Discuss
discuss.hashicorp.com › vault
Secret Management in Kubernetes with HashiCorp Vault and Dynamic PostgreSQL Credentials - Vault - HashiCorp Discuss
February 21, 2024 - Hello, I’m currently developing a Proof of Concept (POC) focused on enhancing secret management within a Kubernetes environment, utilizing HashiCorp Vault for dynamic secret generation. Our setup includes a Kubernetes cluster hosting 30 services as deployments, all of which interact with a PostgreSQL database.
HashiCorp Developer
developer.hashicorp.com › vault › tutorials › deploy vault › manage kubernetes native secrets
Manage Kubernetes native secrets with the Vault Secrets Operator | Vault | HashiCorp Developer
The lifecycle management includes deleting and recreating the secrets. In this section you will use the Vault Secrets Operator to rotate the Kubernetes secret every 1 minute. You will create a pod and install PostreSQL. PostgreSQL will later generate credentials for the database secrets engine.
OptimaData
optimadata.nl › home › how to postgres on kubernetes
How to Postgres on Kubernetes | OptimaData
February 17, 2025 - First you create a YAML file to define in it some things for the PostgreSQL pod / container. What things are needed and what are they for? A secret is a clean way to store data such as passwords.
Pulumi
pulumi.com › answers › managing-postgres-secrets-with-kubernetes
Pulumi Answers | Managing Postgres secrets efficiently with Kubernetes Secrets
In this example, we demonstrated how to manage Postgres secrets efficiently using Kubernetes Secrets with Pulumi. We created a Kubernetes Secret to securely store the Postgres credentials, ensuring sensitive information is not exposed in the application code or configuration files.
Reddit
reddit.com › r/kubernetes › any help with getting postgres tls certs from a secret volume mount?
r/kubernetes on Reddit: Any help with getting Postgres TLS certs from a secret volume mount?
August 1, 2022 -
Currently I have Postgres deployed in my k8s cluster with its TLS certs provided manually via a mounted volume. In the interest of further automating my environment configuration, I want to instead provide the TLS cert/key via a k8s secret. This is the first step down a long list of changes, but I digress.
Anyway, I have everything configured perfectly. The cert/key are mounted via a volume that pulls from a TLS secret. The problem is Postgres requires the cert/key to be owned by the postgres user, and the files from the secret are owned by the root user. I've been googling this problem for a minute, and what I've found so far are references to some kind of BusyBox solution with a sidecar container that I can't for the life of me figure out (haven't done multi-container pods before). I can already see that k8s doesn't support changing the ownership of the mounted secret, there's an open issue on their GitHub about this.
Anyway, I'm sure there's some solution out there for this. Really hoping someone can guide me here. Thanks.
Top answer 1 of 5
2
The relevant issue in Kubernetes if you want to follow the progress: https://github.com/kubernetes/kubernetes/issues/81089 Unfortunately it will likely take some time before it is solved. In the meantime you will need to use workarounds like e.g. an initContainer that fixes the ownership.
2 of 5
1
something is wrong, a secret mounted into a container should be accessible/readable by the user id of the container process. Cant offer more as don't know your setup but if you do need to process the cert first and dont want to change the postgres image then init container may be better. If you are using an operator for the postgres then all bets are off as I have not used this setup.
Refine
refine.dev › home › blog › engineering › how to deploy postgres on kubernetes
How to deploy Postgres on Kubernetes | Refine
January 22, 2024 - This sets the POSTGRES_PASSWORD environment variable in your PostgreSQL container to the password defined in the Secret. If you are using managed Kubernetes cluster on GKE for example, you can also set the environment variable from the web console, although the recommended practice is to use configmap and Kubernetes secret.
Fujitsu PostgreSQL
postgresql.fastware.com › blog › protecting-fujitsu-enterprise-postgres-for-kubernetes-cluster-with-hashicorp-vault
Protecting Fujitsu Enterprise Postgres for Kubernetes cluster with HashiCorp Vault
Kubernetes does provide its own secrets management system — but it has limitations: Secrets are base64-encoded, not encrypted at rest (unless you configure etcd encryption). Access controls can be coarse and hard to audit comprehensively.
Published September 9, 2025
VMware
techdocs.broadcom.com › us › en › vmware-tanzu › data-solutions › tanzu-for-postgres-on-kubernetes › 3-0 › tnz-postgres-k8s › accessing.html
Accessing a Postgres Instance in Kubernetes
January 23, 2026 - dbname=$(kubectl get secrets postgres-sample-app-user-db-secret -o jsonpath='{.data.database}' | base64 -D) username=$(kubectl get secrets postgres-sample-app-user-db-secret -o jsonpath='{.data.username}' | base64 -D) password=$(kubectl get secrets postgres-sample-app-user-db-secret -o jsonpath='{.data.password}' | base64 -D) For a remote Kubernetes environment, get the external host address and port from the Postgres load balancer:
EnterpriseDB
enterprisedb.com › docs › postgres_for_kubernetes › latest › cncf-projects › external-secrets
EDB Docs - EDB Postgres® AI for CloudNativePG™ Cluster v1.28.0 - External Secrets
By default, EDB Postgres® AI for CloudNativePG™ Cluster generates and manages a Kubernetes Secret named cluster-example-app, which contains the credentials for the app user in the cluster-example cluster.