Kubernetes basics - Secret


Concepts

We can regard a Secret as an encrypted ConfigMap. In order to enable encryption, we should

Future scope: how to encrypt?

Secret

We should store the secret value base64-encoded. Suppose we want to store the secret value this_is_value under the key key_1.

First, we encode the secret value as follows.

$ echo -n "this_is_value" | base64
dGhpc19pc192YWx1ZQ==

dGhpc19pc192YWx1ZQ== is the base64 encoding of this_is_value.

Now, make a YAML file.

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  key_1: dGhpc19pc192YWx1ZQ==

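Even if we try to read the value with kubectl describe secrets, it doesn't return the credential. But kubectl get secret {my-secret} -o yaml returns the base64-encoded credentials. Be careful: base64 is an encoding, not encryption, so anyone who can run that command can recover the value.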

Here is how to decode base64 secrets.

$ echo -n "dGhpc19pc192YWx1ZQ==" | base64 --decode
this_is_value
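The encode and decode steps above, combined into a script that builds the manifest and reads the value back without needing a cluster. This is an added example, not part of the original page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build a Secret manifest and recover its value offline.
# Function names are hypothetical; the sample name, key and value are the
# ones used on this page.

# Encode a value for the data: field.
# printf '%s' avoids the trailing newline a plain `echo` would append
# (echo "this_is_value" | base64 yields dGhpc19pc192YWx1ZQo= instead).
# tr removes the line wraps base64 inserts into long output, which would
# otherwise split the YAML value across lines.
encode_value() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Emit a Secret manifest for one key/value pair: name, key, plaintext value.
make_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
data:
  $2: $(encode_value "$3")
EOF
}

# Read a manifest on stdin and print the plaintext stored under the given key.
# No key or password is involved: read access to the manifest is enough.
decode_from_manifest() {
  awk -v k="$1:" '$1 == k { print $2 }' | base64 --decode
}

manifest="$(make_secret_manifest my-secret key_1 this_is_value)"
printf '%s\n' "$manifest"
printf '%s\n' "$manifest" | decode_from_manifest key_1
echo
```

The same round trip works on the output of kubectl get secret -o yaml, which is why read access to Secret objects should be granted as narrowly as access to the credentials themselves.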

Apply Secrets to objects

In the container spec, add the following (similar to ConfigMap).

envFrom:
  - secretRef:
      name: my-secret