Secrets

Secrets are similar to ConfigMaps, but they store confidential data. They are used to pass passwords, keys, etc. to pods.

Create Secrets

Secrets can be created imperatively (with a command) or declaratively (with a resource YAML file).

Imperative way to create secrets

kubectl create secret <secret-type> <secret-name> --from-literal <key>=<value>

This method does not require you to encode the values in base64.

kubectl create secret generic test-secret --from-literal password=password

Declarative way

apiVersion: v1
kind: Secret
metadata:
  name: mysql-db-secret
data:
  USER: dXNlcg==
  PASSWORD: dXNlcg==

This requires the values to be encoded in base64; otherwise it will throw an error.

Using secrets

To use secrets in a pod, reference them in the pod definition as follows.

Snippet of pod-def.yaml

containers:
    - name: nginx
      image: nginx
      envFrom:
        - secretRef:
            name: mysql-db-secret

When a secret is used in a container, its values are decoded by Kubernetes itself.

Note

Secrets are not encrypted and can be accessed by anyone who has access to the cluster and the namespace. It is better to try third-party secret storage.
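
The following is an added example, not part of the original notes. It covers both the base64 requirement of the declarative way and the note above: it decodes every data value in a Secret manifest with nothing but base64, and flags values that are not valid base64. The function names and the TOKEN entry are constructed for illustration, and a base64 command that accepts -d is assumed.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Encode a value for the data: field. printf avoids the trailing newline that
# `echo value | base64` would bake in; tr removes base64's line wrapping.
encode_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode one data: value. Returns non-zero if it is not strict base64.
decode_value() {
    printf '%s' "$1" | grep -Eq '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$' || return 1
    printf '%s' "$1" | base64 -d
}

# Read a Secret manifest on stdin. Print KEY=plaintext for each data: entry,
# or "KEY: INVALID base64" for entries that were never encoded.
audit_manifest() {
    awk '
        /^data:/ { in_data = 1; next }
        /^[^ ]/  { in_data = 0 }
        in_data && /^ +[^ #]+:/ {
            key = $1; sub(/:$/, "", key); print key, $2
        }' |
    while read -r key val; do
        if decoded=$(decode_value "$val"); then
            printf '%s=%s\n' "$key" "$decoded"
        else
            printf '%s: INVALID base64\n' "$key"
        fi
    done
}

# Constructed sample: the manifest from this page plus one unencoded value.
sample_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysql-db-secret
data:
  USER: dXNlcg==
  PASSWORD: dXNlcg==
  TOKEN: not*base64
EOF
}

sample_manifest | audit_manifest
```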