We can regard a Secret as an encrypted ConfigMap. In order to enable encryption, we should
We should store the key base64-encoded.
Suppose we want to store the secret value this_is_value with the key key_1.
First, we should encode the secret value as follows.
$ echo -n "this_is_value" | base64
dGhpc19pc192YWx1ZQ==
dGhpc19pc192YWx1ZQ== is the base64 encoding of this_is_value.
Now, make a YAML file.
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  # values under data must be base64-encoded
  key_1: dGhpc19pc192YWx1ZQ==
Even if we try to read a value with kubectl describe secrets, it doesn’t return a credential.
But kubectl get secret {my-secret} -o yaml returns base64-encoded credentials. Be careful.
Here is how to decode base64 secrets.
$ echo -n "dGhpc19pc192YWx1ZQ==" | base64 --decode
this_is_value
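Base64 is an encoding, not encryption, so anyone who can read the manifest or the kubectl get secret -o yaml output can recover the value without any key. The following script is an added example, not part of the original post (the function names b64, make_secret and decode_secret are hypothetical); it builds the manifest shown above and decodes it back, and it also handles long values, which GNU base64 would otherwise wrap across lines.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# b64 VALUE: encode without a trailing newline and without line wrapping.
# printf avoids the newline that plain `echo` would add to the secret;
# tr removes the line breaks GNU base64 inserts every 76 characters.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# make_secret NAME KEY=VALUE...: print a Secret manifest on stdout.
make_secret() {
    name=$1; shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ndata:\n' "$name"
    for pair in "$@"; do
        # key is the text before the first '=', value is everything after it
        printf '  %s: %s\n' "${pair%%=*}" "$(b64 "${pair#*=}")"
    done
}

# decode_secret: read a Secret manifest on stdin, print KEY=VALUE in clear text.
# Only the indented entries directly under "data:" are decoded.
decode_secret() {
    in_data=0
    while IFS= read -r line; do
        case $line in
            data:) in_data=1 ;;
            '  '*)
                [ "$in_data" -eq 1 ] || continue
                entry=${line#  }
                printf '%s=%s\n' "${entry%%:*}" \
                    "$(printf '%s' "${entry#*: }" | base64 --decode)"
                ;;
            *) in_data=0 ;;
        esac
    done
}

# Constructed sample input: the key and value used in this post.
make_secret my-secret key_1=this_is_value | decode_secret
```
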
In the container definition, add the following (similar to ConfigMap).
envFrom:
- secretRef:
    name: my-secret