Secrets
5 min read Quiz at the end
Store sensitive data (passwords, keys) in Secrets and mount them as env vars or files.
Kubernetes Secrets
# Create secret
kubectl create secret generic db-creds --from-literal=password=mysecretpass --from-literal=username=dbuser
# TLS secret
kubectl create secret tls tls-secret --cert=tls.crt --key=tls.key
# Use in pod
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: db-creds
key: password
# Mount as file
volumes:
- name: secret-vol
secret:
secretName: db-creds
volumeMounts:
- name: secret-vol
mountPath: /etc/secrets
readOnly: true
# View (base64 encoded)
kubectl get secret db-creds -o yaml
Topic Quiz · 1 questions
Test your understanding before moving on
1. What happens to Secret data stored in Kubernetes?
💡 Secrets are base64-encoded by default; enable etcd encryption for at-rest encryption.