Kubernetes-Secrets
A Kubernetes Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confidential data in your application code.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: example-secret
type: Opaque
data:
  # values under data are base64-encoded
  app-password: NXVQNFNlS3J5dA==
  admin-password: RDBub3Q1VDM0TA==
```
Accessing a secret
- As an environment variable
```yaml
apiVersion: apps/v1
...
spec:
  template:
    ...
    spec:
      containers:
        ...
        env:
          - name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: example-secret
                # must be a key defined under the Secret's data
                key: app-password
```
- As a volume
```yaml
apiVersion: apps/v1
...
spec:
  template:
    ...
    spec:
      containers:
        ...
        volumeMounts:
          # name must match an entry under volumes
          - name: secrets
            # each key in the Secret appears as a file in this directory
            mountPath: /etc/example-secrets
            readOnly: true
      volumes:
        - name: secrets
          secret:
            secretName: example-secret
```
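The values under `data` are base64-encoded, not encrypted, and a `secretKeyRef` only resolves if its `key` exists in the named Secret. The following check is an added example (not part of the original page) that decodes a Secret and flags unresolved references; the manifests are constructed as already-parsed dicts mirroring the ones above, and the Deployment name, container name and `APP_PASSWORD` variable are hypothetical.

```python
import base64

# Constructed manifests mirroring the page's examples, as already-parsed dicts.
SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "example-secret"},
    "data": {"app-password": "NXVQNFNlS3J5dA==",
             "admin-password": "RDBub3Q1VDM0TA=="},
}
DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "example-app"},  # hypothetical name
    "spec": {"template": {"spec": {"containers": [{
        "name": "app",  # hypothetical container name
        "env": [
            # This key is deliberately absent from SECRET.
            {"name": "DATABASE_PASSWORD", "valueFrom": {"secretKeyRef":
                {"name": "example-secret", "key": "db-password"}}},
            {"name": "APP_PASSWORD", "valueFrom": {"secretKeyRef":
                {"name": "example-secret", "key": "app-password"}}},
        ],
    }]}}},
}

def secret_keys(secret):
    """Keys a Secret exposes: base64 `data` plus plain-text `stringData`."""
    return set(secret.get("data") or {}) | set(secret.get("stringData") or {})

def decode_secret(secret):
    """Decode `data` values; base64 is an encoding, so no key is needed."""
    return {k: base64.b64decode(v, validate=True).decode("utf-8")
            for k, v in (secret.get("data") or {}).items()}

def unresolved_refs(workload, secrets):
    """Return (container, env var, secret, key) for each secretKeyRef that
    points at a missing Secret or key and is not marked optional."""
    known = {s["metadata"]["name"]: secret_keys(s) for s in secrets}
    problems = []
    pod_spec = workload["spec"]["template"]["spec"]
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        for env in c.get("env", []):
            ref = (env.get("valueFrom") or {}).get("secretKeyRef")
            if not ref or ref.get("optional"):
                continue
            if ref["key"] not in known.get(ref["name"], set()):
                problems.append((c["name"], env["name"], ref["name"], ref["key"]))
    return problems
```

Running such a check before deployment catches a mistyped key early; anyone with read access to the Secret object can recover the plaintext the same way `decode_secret` does.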