I have a container that runs a rust created binary that needs to be parametrized (eg with a database password).
The easy and straightforward way would be to add the value as an environment variable and then reference it accordingly from rust. The issue is that as I understand it this is not the recommended approach security wise from Kubernetes.
This leaves us mounting Kubernetes secrets as a volume in the pod.
I played a bit with
dotenv but it seems it is not supported the Kubernetes mounted secret format by default.
The issue is that I'm unable to find a good library or example that describes this pattern, without adding ugly intermediate steps.
Is there anybody that has done it, and has any best practices to provide?