We know storing credentials or other sensitive values in a configuration file (e.g. Kubernetes yaml file) is bad, but how can we get values easily replaced without having to do a complicated string substitution or writing a custom Python script?
I often have personal environment variable files for projects that I use to store credentials and configurations in. Before working on a project I would the corresponding configuration file into the shell session. However, these files cannot be stored in git repositories or shared with coworkers or bots. Even worse, sometimes the repositories have files in them that need to be changed, which is dangerous, because it’s easy to accidentally commit these files.
Well as it turns out, there already is a good solution and it is called envsubst
. We can use envsubst
to substitute environment variable placeholders inside configuration files and we can even pipe it into other commands like Kubernetes’ kubectl
.
envsubst < config.txt