Creating and Managing Secrets in Kubernetes

Pinterest LinkedIn Tumblr

A Kubernetes secret is an object that contains sensitive or confidential data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image.

Secrets are normally created independently of the pods that use them. This means that there is less risk of the secret data being exposed when the pods are beeing created, updated, viewed or managed.

Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.


Before you begin, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.

Convert your secret data to a base-64 representation

Use a base64 encoding tool to convert your username and password to a base64 representation. Here’s an example using the commonly available base64 program:

echo -n 'app' | base64
echo -n 'secret' | base64

Here is a configuration file you can use to create a Secret that holds your username and password:

apiVersion: v1
kind: Secret
  name: test-secret
  username: YXBw
  password: c2VjcmV0

Create the Secret with this command:

kubectl apply -f ./secret.yaml

Check information in the secret:

kubectl get secret test-secret

Getting more more detailed information about the Secret:

kubectl describe secret test-secret

Create a Secret directly with kubectl

kubectl create secret generic -n dev test-secret --from-literal='username=app' --from-literal='password=secret'

I am a Devops Engineer, but I would describe myself as a Tech Enthusiast who is a fan of Open Source, Linux, Automations, Cloud and Virtualization. I love learning and exploring new things so I blog in my free time about Devops related stuff, Linux, Automations and Open Source software. I can also code in Python and Golang.

Write A Comment