Skip to content

Kubernetes – Working With Secrets

Kubernetes Secrets are objects that are used to store secret data in base64 encoded format. Using secrets enables developers not to put confidential information in the application code. Since Secrets are created independently of the pods, there is less risk of secrets being exposed.

Uses of Secrets

  • As files in a volume mounted on one or more of its containers.

  • As container environment variable.

  • By the kubelet when pulling images for the Pod.

Creating a Secret

kubectl create secret generic [secret-name] \  
--from-file=[key1]=[file1] \  
--from-file=[key2]=[file2]

Creating a Secret

Decoding Secret

kubectl get secret [secret] -o jsonpath='{.data}'

Decode Secret 1

The above output shows encoded key-value pairs.

Decode them using echo and pipe the output to base64

echo '[encoded-value]' | base64 --decode

Decode Secret 2

The above output is the decoded password.

Editing Secret

kubectl edit secrets <secret-name>

Edit Secret 1

The config file during editing would look like this:

Edit Secret 2

Deleting Secret

kubectl delete secret <secret-name>

Delete Secret