Kubernetes secrets
https://kubernetes.io/docs/concepts/configuration/secret/
Kubernetes Secret Types:
- Opaque: arbitrary user-defined data
- kubernetes.io/service-account-token: ServiceAccount token
- kubernetes.io/dockercfg: serialized ~/.dockercfg file
- kubernetes.io/dockerconfigjson: serialized ~/.docker/config.json file
- kubernetes.io/basic-auth: credentials for basic authentication
- kubernetes.io/ssh-auth: credentials for SSH authentication
- kubernetes.io/tls: data for a TLS client or server
- bootstrap.kubernetes.io/token: bootstrap token data
- istio.io/key-and-cert
Examples
kubectl create secret, kubectl get secrets, kubectl describe secrets/MY_SECRET_NAME
kubectl apply -f secret.yml
kubectl describe secrets/MY_SECRET_NAME
kubectl create secret
kubectl get secret
kubectl get secrets
kubectl get secrets -A
kubectl describe secrets/MY_SECRET_NAME
kubectl apply -f ./secret.yml
kubectl apply -k
kubectl edit secrets
kubectl describe secret -n kubernetes-dashboard
kubectl describe secret default-token
Related terms
- Use ConfigMaps and Secrets to configure applications, CKA v1.24 (2022), CKA v1.23 (2021)
- CKA v1.18: Security persistent key value store
- CKA v1.15: Create & consume Secrets
- ConfigMaps
- secret not found
- Kustomize
- base64 --decode; echo
- SecretKeyRef
- type: Opaque
- SOPS: Secrets OPerationS: sops
- Kubernetes HostPath volume provider
- 1password Kubernetes Injector
- secret:
Activities
- Delete and recreate your secret
- Learn about different kind: Secret types.
- Read https://poweruser.blog/how-to-encrypt-secrets-in-config-files-1dbb794f7352
- Distribute Credentials Securely Using Secrets
- Pull an Image from a Private Registry in Kubernetes
News
- Aug 2020 Kubernetes v1.19 Immutable secrets and ConfigMaps https://github.com/kubernetes/enhancements/issues/1412
See also
- Kubernetes secrets: kubectl [ get | create | describe | delete | secret ] secrets, secret.yml, kind: Secret, secretKeyRef, default-token, imagePullSecrets:, kubernetes.io/dockerconfigjson
- Secrets: Kubernetes secrets, ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts