Read secret values from mounted volumes from Spring mvc application

Question

We have a spring MVC application deployed using tomcat image in AKS. How to get values from Secrets mounted as volumes?

Most of the examples points to spring boot only

I am mounting values from secret store

kind: Pod
apiVersion: v1
metadata:
  name: nginx
  namespace: default
  labels:
    aadpodidbinding: pod-mi
spec:
  containers:
    - name: nginx
      image: nginx
      volumeMounts:
        - name: foo
          mountPath: "/mnt/secrets"
          readOnly: true
  volumes:
    - name: foo
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: spc.

can see the secrets get mounted correctly:

kubectl -n default exec -it nginx -- bash
root@nginx:/# ls /mnt/secrets
service-one-secret
service-two-secret

Cat service-one-secret doesn't return anything

Can any one suggest a way to read its values from spring mvc application?

Answer 1

When you mount the secret as a volume to the container, then it would show the data of the secret in that path. For example, you create a secret with the command:

kubectl create secret generic basic-secret \
  --from-literal=username="jsmith" \
  --from-literal=password="mysupersecurepassword"

Then you mount the secret as a volume:

...
spec:
  volumes:
  - name: vol-secret
    secret:
      secretName: my-secret
  containers:
  ...
    volumeMounts:
    - name: vol-secret
      mountPath: /etc/app/secrets

Then you can see the files named username and password in the path /etc/app/secrets, and the value looks like this:

/ # ls /etc/app/secrets
password  user
/ # cat /etc/app/secrets/password
mysupersecurepassword
/ # cat /etc/app/secrets/username
jsmith