A Kubernetes secret is an object that contains sensitive or confidential data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image.
Secrets are normally created independently of the pods that use them. This means that there is less risk of the secret data being exposed when the pods are beeing created, updated, viewed or managed.
Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.
Before you begin, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.
Convert your secret data to a base-64 representation
Use a base64 encoding tool to convert your username and password to a base64 representation. Here’s an example using the commonly available base64 program:
echo -n 'app' | base64 echo -n 'secret' | base64
Here is a configuration file you can use to create a Secret that holds your username and password:
apiVersion: v1 kind: Secret metadata: name: test-secret data: username: YXBw password: c2VjcmV0
Create the Secret with this command:
kubectl apply -f ./secret.yaml
Check information in the secret:
kubectl get secret test-secret
Getting more more detailed information about the Secret:
kubectl describe secret test-secret
Create a Secret directly with kubectl
kubectl create secret generic -n dev test-secret --from-literal='username=app' --from-literal='password=secret'