Argo Workflows Default Env Quick Fix - Global Environment Variables
DodaTech
Updated 2026-06-26
1 min read
Argo Workflows default environment variables can be injected globally or per template. Incorrect env configuration causes missing dependencies or secret exposure. This guide covers the fix.
Quick Fix
Wrong
config: |
executor:
env:
- name: DATABASE_URL
value: postgres://user:password@localhost/db
Hardcoding sensitive credentials in controller ConfigMap exposes them to all workflow pods and anyone with ConfigMap access. This is a security risk.
Right
config: |
executor:
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials
key: url
- name: LOG_LEVEL
value: info
# Expected output after applying the fix
# DATABASE_URL injected from Kubernetes secret
# LOG_LEVEL set to "info" for all workflow pods
# No credentials exposed in ConfigMap
# Environment variables available in all templates
Prevention
- Use
valueFrom.secretKeyReffor sensitive environment variables - Limit global env vars to non-sensitive configuration
- Override global env vars at the template level when needed
- Document all global environment variables
- Audit global env vars regularly for security Compliance
DodaTech Tools
Doda Browser's env inspector shows all environment variables across workflow templates. DodaZIP archives env configurations for security reviews. Durga Antivirus Pro detects hardcoded secrets in workflow configurations.
FAQ
← Previous
Argo Data Task Quick Fix - Data Processing Template
Next →
Argo Emissary Executor Quick Fix - Emissary-Specific Issues
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro