Secrets in Kubernetes

Kubernetes is a great orchestration tool. It lets you deploy and easily manage dockerized applications and scale them properly. There are many tutorials on how to set up your own cluster or use a managed one from any cloud provider. In this post, however, I want to focus on Secret objects.

Secrets in Kubernetes are objects that handle sensitive data such as usernames, passwords, connection strings, etc.

So far so good. However, let's take a closer look at how to create a Secret object in Kubernetes. Here is an example:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
# Values under data must be base64-encoded
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

This object is a Secret called "mysecret". It contains two data fields: one key called username and one key called password. The value of each key must be encoded in base64. For example, the value "admin" has been encoded in base64, resulting in "YWRtaW4=".
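The encoding step described above, as an added shell example that is not part of the original post. It encodes values without the trailing newline that plain echo would add, and decodes every entry under data: to show that base64 is an encoding that needs no key to reverse. The function names, SAMPLE_MANIFEST and the username_echo key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; the function names and SAMPLE_MANIFEST are hypothetical.

# Encode a value for a Secret's data field. printf '%s' emits no trailing
# newline, unlike plain `echo`, so only the value itself is encoded.
encode_secret_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a data field. base64 is an encoding, not encryption: no key is needed.
decode_secret_value() {
    printf '%s' "$1" | base64 -d
}

# Succeed if the decoded value ends in a newline (byte 0a), the usual result
# of `echo value | base64`. od is used because $(...) strips newlines.
has_trailing_newline() {
    last=$(printf '%s' "$1" | base64 -d | od -An -tx1 | tr -d ' \n' | tail -c 2)
    [ "$last" = "0a" ]
}

# Read a Secret manifest on stdin and print key=decoded-value for each entry
# under data:, flagging values that carry an encoded trailing newline.
audit_secret_data() {
    awk '/^data:/ {d=1; next} /^[^ ]/ {d=0}
         d && NF==2 {sub(":", "", $1); print $1, $2}' |
    while read -r key val; do
        note=""
        if has_trailing_newline "$val"; then note=" (trailing newline encoded)"; fi
        printf '%s=%s%s\n' "$key" "$(decode_secret_value "$val")" "$note"
    done
}

# Constructed sample: the post's Secret plus one constructed key,
# username_echo, holding the output of `echo admin | base64`.
SAMPLE_MANIFEST='apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
  username_echo: YWRtaW4K'

printf '%s\n' "$SAMPLE_MANIFEST" | audit_secret_data
```

Anyone who can read the manifest can recover the values this way, so a Secret manifest needs the same handling as the plaintext credentials it contains.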

Accessing secrets is also pretty straightforward. For example, a Pod can access this secret and load its values as environment variables with the following lines:

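apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      # Each variable is filled from one key of the Secret "mysecret"
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never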


This post is related to the base 64 and echo command post.

