Kubernetes includes a secret resource store. <\/p>\n
We can get a list of secrets via the namespace<\/p>\n
\r\nkubectl get secrets -n dev\r\n<\/pre>\nand for all namespaces using<\/p>\n
\r\nkubectl get secrets --all-namespaces\r\n<\/pre>\nWe can create a secret of the specified type<\/p>\n
Hence we use the “specified type” as below (which uses a generic type)<\/p>\n
\r\nkubectl create secret generic my-secret \\\r\n --from-literal=username=admin \\\r\n --from-literal=password=secret123 \\\r\n -n dev\r\n<\/pre>\nWith the above command, we created a secret with the name my-secret<\/em> and the key username<\/em> with value admin<\/em> followed by another key\/value.<\/p>\n
A secret can be created using Kubernetes YAML file with kind “Secret”<\/p>\n
\r\napiVersion: v1\r\nkind: Secret\r\nmetadata:\r\n name: my-secret\r\ntype: Opaque\r\ndata:\r\n username: YWRtaW4= # base64 encoded 'admin'\r\n password: c2VjcmV0MTIz # base64 encoded 'secret123'\r\n<\/pre>\nAccessing secrets, we can use the following<\/p>\n
\r\nkubectl get secret my-secret -o jsonpath="{.data.username}" -n dev | base64 --decode\r\nkubectl get secret my-secret -o jsonpath="{.data.username}" -n dev\r\n[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("YWRtaW4=")) \/\/ insert string from the above\r\n<\/pre>\nOr using Powershell<\/p>\n
\r\n$encoded = kubectl get secret my-secret -o jsonpath="{.data.username}" -n dev\r\n[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded))\r\n<\/pre>\nHere’s an example using a secret by including them in environment varianles<\/p>\n
\r\nenv:\r\n - name: DB_USER\r\n valueFrom:\r\n secretKeyRef:\r\n name: my-secret\r\n key: username\r\n<\/pre>\nthis gives us process.env.DB_USER<\/em>.<\/p>\n
Another use is mounting via the pods volume, hence it’s file system<\/p>\n
\r\nvolumes:\r\n - name: secret-volume\r\n secret:\r\n secretName: my-secret\r\n\r\nvolumeMounts:\r\n - name: secret-volume\r\n mountPath: "\/etc\/secret"\r\n readOnly: true\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"Kubernetes includes a secret resource store. We can get a list of secrets via the namespace kubectl get secrets -n dev and for all namespaces using kubectl get secrets –all-namespaces We can create a secret of the specified type docker-registry Create a secret for use with a container registry generic Create a secret from a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[314],"tags":[],"class_list":["post-11887","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts\/11887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/comments?post=11887"}],"version-history":[{"count":5,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts\/11887\/revisions"}],"predecessor-version":[{"id":11952,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts\/11887\/revisions\/11952"}],"wp:attachment":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/media?parent=11887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/categories?post=11887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/tags?post=11887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}