Difference between revisions of "Kubernetes secrets"
(14 intermediate revisions by 2 users not shown) | |||
Line 3: | Line 3: | ||
* <code>[[kind: Secret]]</code> | * <code>[[kind: Secret]]</code> | ||
+ | Kubernetes Secret Types: | ||
+ | {{secret types TOC}} | ||
== Examples == | == Examples == | ||
Line 14: | Line 16: | ||
* <code>[[kubectl get secret]]</code> | * <code>[[kubectl get secret]]</code> | ||
* <code>[[kubectl get secrets]]</code> | * <code>[[kubectl get secrets]]</code> | ||
− | * <code>[[kubectl describe]] | + | * <code>[[kubectl get secrets -A]]</code> |
+ | * <code>[[kubectl describe secrets]]/MY_SECRET_NAME</code> | ||
* <code>[[kubectl apply]] -f ./[[secret.yml]]</code> | * <code>[[kubectl apply]] -f ./[[secret.yml]]</code> | ||
* <code>[[kubectl apply]] -k</code> | * <code>[[kubectl apply]] -k</code> | ||
* <code>[[kubectl edit secrets]]</code> | * <code>[[kubectl edit secrets]]</code> | ||
* <code>[[kubectl describe secret]] -n [[kubernetes-dashboard]]</code> | * <code>[[kubectl describe secret]] -n [[kubernetes-dashboard]]</code> | ||
+ | * <code>[[kubectl describe secret default-token]]</code> | ||
== Related terms == | == Related terms == | ||
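Review bot: the two added describe entries in this hunk name the resource inconsistently: `kubectl describe secrets]]/MY_SECRET_NAME` uses the plural with a placeholder, while `kubectl describe secret default-token` uses the singular with what reads as a literal name. Suggest one form for both, and marking `default-token` as a placeholder or name prefix if it is not meant as an exact secret name.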
Line 30: | Line 34: | ||
* <code>[[SecretKeyRef]]</code> | * <code>[[SecretKeyRef]]</code> | ||
* <code>[[type: Opaque]]</code> | * <code>[[type: Opaque]]</code> | ||
+ | * [[SOPS: Secrets OPerationS]]: <code>[[sops]]</code> | ||
+ | * [[Kubernetes HostPath volume provider]] | ||
+ | * [[1password Kubernetes Injector]] | ||
+ | * [[secret:]] | ||
== Activities == | == Activities == | ||
* [[Delete and recreate your secret]] | * [[Delete and recreate your secret]] | ||
* Learn about different <code>[[kind: Secret]]</code> types. | * Learn about different <code>[[kind: Secret]]</code> types. | ||
+ | * Read https://poweruser.blog/how-to-encrypt-secrets-in-config-files-1dbb794f7352 | ||
+ | * [[Distribute Credentials Securely Using Secrets]] | ||
+ | * [[Pull an Image from a Private Registry in Kubernetes]] | ||
== News == | == News == |
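Review bot: the added Activities entry `Read https://poweruser.blog/how-to-encrypt-secrets-in-config-files-1dbb794f7352` is a bare external URL in a list that otherwise uses titled wiki links, and the added `[[secret:]]` under Related terms gives no hint of what it points to. Suggest giving the external link a title and the `[[secret:]]` entry a short description.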
Latest revision as of 10:59, 15 October 2024
https://kubernetes.io/docs/concepts/configuration/secret/
Kubernetes Secret Types:
- Opaque: arbitrary user-defined data
- kubernetes.io/service-account-token: ServiceAccount token
- kubernetes.io/dockercfg: serialized ~/.dockercfg file
- kubernetes.io/dockerconfigjson: serialized ~/.docker/config.json file
- kubernetes.io/basic-auth: credentials for basic authentication
- kubernetes.io/ssh-auth: credentials for SSH authentication
- kubernetes.io/tls: data for a TLS client or server
- bootstrap.kubernetes.io/token: bootstrap token data
- istio.io/key-and-cert
Examples
- kubectl create secret, kubectl get secrets, kubectl describe secrets/MY_SECRET_NAME
- kubectl apply -f secret.yml
- kubectl describe secrets/MY_SECRET_NAME
- kubectl create secret
- kubectl get secret
- kubectl get secrets
- kubectl get secrets -A
- kubectl describe secrets/MY_SECRET_NAME
- kubectl apply -f ./secret.yml
- kubectl apply -k
- kubectl edit secrets
- kubectl describe secret -n kubernetes-dashboard
- kubectl describe secret default-token
Related terms
- Use ConfigMaps and Secrets to configure applications, CKA v1.24 (2022), CKA v1.23 (2021)
- CKA v1.18: Security persistent key value store
- CKA v1.15: Create & consume Secrets
- ConfigMaps
- secret not found
- Kustomize
- base64 --decode; echo
- SecretKeyRef
- type: Opaque
- SOPS: Secrets OPerationS: sops
- Kubernetes HostPath volume provider
- 1password Kubernetes Injector
- secret:
Activities
- Delete and recreate your secret
- Learn about different kind: Secret types.
- Read https://poweruser.blog/how-to-encrypt-secrets-in-config-files-1dbb794f7352
- Distribute Credentials Securely Using Secrets
- Pull an Image from a Private Registry in Kubernetes
News
- Aug 2020 Kubernetes v1.19 Immutable secrets and ConfigMaps https://github.com/kubernetes/enhancements/issues/1412
See also
- Kubernetes secrets: kubectl [ get | create | describe | delete | secret ] secrets, secret.yml, kind: Secret, secretKeyRef, default-token, imagePullSecrets:, kubernetes.io/dockerconfigjson
- Secrets: Kubernetes secrets, ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts