In this post, we will explore how to manage Secrets in Kubernetes and look at some best practices. Secrets are Kubernetes objects used to store sensitive data, such as passwords, tokens, keys, OAuth tokens and SSH keys, in a secure and scalable manner within a Kubernetes cluster. This data can be used by pods or accessed through the Kubernetes API.
Secrets allow you to keep sensitive information out of your application code and reduce the risk of exposing it while creating, viewing, and editing pods. Secrets are similar to ConfigMaps, but they are specifically designed to hold confidential data. Kubernetes and the applications running in your cluster can also take additional precautions with Secrets, such as avoiding storing secret data on non-volatile storage.
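```bash
# Create a Secret from a single file
kubectl create secret generic your-secret --from-file=path/to/file

# Create a Secret from multiple files
kubectl create secret generic your-secret \
  --from-file=path/to/file/username.txt \
  --from-file=path/to/file/password.txt

# Create an opaque secret with a key-value pair
kubectl create secret generic your-secret --from-literal=key=value

# Create a TLS Secret from a certificate and its private key
kubectl create secret tls my-tls-secret --cert=cert.pem --key=key.pem
```

```bash
# List Secrets in the current namespace
kubectl get secrets
# Show Secret metadata and key names (values are not printed)
kubectl describe secret
# Print the base64-encoded data of a Secret
kubectl get secret your-secret -o jsonpath='{.data}'
```

```bash
kubectl edit secrets <secret-name>
```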
This will open the default text editor and allow you to update the Secret values. For example, you might update the Secret as follows:
```yaml
apiVersion: v1
data:
  username: YWRtaW4=
  password: UyFCKmQkekRzYj0=
kind: Secret
metadata:
  creationTimestamp: "2022-01-01T00:00:00Z"
  name: my-secret
  namespace: default
  resourceVersion: "12345"
  selfLink: /api/v1/namespaces/default/secrets/my-secret
  uid: abcdef01-2345-6789-abcd-ef0123456789
type: Opaque
```
```bash
# Delete a Secret by name
kubectl delete secret your-secret
```
```yaml
# kustomization.yaml with username & password given as literals
secretGenerator:
- name: your-secret
  literals:
  - username=admin
  - password=aweqqfq12
```
kustomization.yaml with username & password from external files.
```yaml
secretGenerator:
- name: your-secret
  files:
  - username.txt
  - password.txt
```
kustomization.yaml with username & password from .env.secret file.
```yaml
secretGenerator:
- name: your-secret
  envs:
  - .env.secret
```
```bash
# -k expects the directory that contains kustomization.yaml
kubectl apply -k <kustomization_file_path>
kubectl get secrets
```
```bash
echo -n '<username>' | base64
echo -n '<password>' | base64
```

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: <base64_output>
  password: <base64_output>
```

```bash
kubectl apply -f <path_to_sample_manifest.yaml>
kubectl get secrets
```
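
The values under `data:` are only base64-encoded, not encrypted, and the `-n` in `echo -n` is what keeps a trailing newline out of the stored value. The script below is an added example, not part of the original post, that checks a manifest's `data:` entries for a stray newline or an unencoded value. `sample_manifest`, `check_secret_data` and the sample values are constructed for illustration, and it assumes GNU `base64` and unquoted single-line values.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# manifest are constructed; assumes unquoted single-line values under data:.

# Constructed sample: "password" was encoded with echo but without -n, and
# "token" was pasted as plaintext instead of base64.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: YWRtaW4=
  password: YXdlcXFmcTEyCg==
  token: not-base64!
EOF
}

# Read a Secret manifest on stdin; print "<key> <status>" for each data entry.
check_secret_data() {
  in_data=0
  while IFS= read -r line; do
    case "$line" in
      data:*)  in_data=1; continue ;;
      " "*|"") ;;              # indented or blank: still in the same block
      *)       in_data=0 ;;    # any other top-level key ends data:
    esac
    [ "$in_data" -eq 1 ] || continue
    key=${line%%:*};  key=${key#"${key%%[! ]*}"}      # strip indentation
    value=${line#*:}; value=${value#"${value%%[! ]*}"}
    [ -n "$key" ] && [ -n "$value" ] || continue
    case "$value" in
      *[!A-Za-z0-9+/=]*) echo "$key not-base64"; continue ;;
    esac
    if ! printf '%s' "$value" | base64 -d >/dev/null 2>&1; then
      echo "$key not-base64"
    elif [ "$(printf '%s' "$value" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')" = "0a" ]; then
      echo "$key trailing-newline"   # the newline is part of the stored secret
    else
      echo "$key ok"
    fi
  done
}

sample_manifest | check_secret_data
```

Run it against a real manifest with `check_secret_data < secret.yaml` before `kubectl apply -f`.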