Secrets

For example hardcoding host, username and passwords in th code is not a good idea.
One option for this is to move these data to a configmap. configMap stores configuration data in plain text format. It will be ok to move the Hostname and username to the config but it is definetely not the right place to move the passwords.

Secrets

Secrets are used to store sensitive information.
Secrets are similar to configMaps except that they are stored in an encoded or hashed format.

There are two steps involved in working with secrets.
1. Create a secret
2. Inject into a POD.

Create a secret

There are two ways to create secrets.
* Imperative way - without using a secret definition file.

secret-1

  • Declarative way - using a secret definition file.

secret-2

We need to encode passwords and other important things while giving in definition file.

encoding

kubectl get secrets
To view the secrets available

kubectl describe secrets
To view more information about the newly created secret. This shows the attributes of the newly created secret, but hides the values.

To view the values of secrets
kubectl get secret <secret name> -o yaml

If we want to decode the hash values

decode

Inject into a POD

We inject secrets as environment variables in the pod definition file as below

inject