Kubernetes 101: "Secret" objects and storing sensitive data in Kubernetes



A Secret is a Kubernetes object that stores sensitive information such as passwords separately, instead of including it directly in the image.

By keeping the "secret" information in a separate object, we can attach two copies of the same image to different Secret objects without having to build a new image from scratch for each set of "secret" information.

Creating a secret object:

We can use the below command to create a secret object "password_1" from a file "passwords.txt":


Or we could create a secret object "user_1" from a literal value "user=root" as below:


The "generic" option is for arbitrary user-defined data.

Secret object for TLS information:

We could also use a secret object to store TLS keys and certificates using the below command:


The YAML configuration file of a Kubernetes "Secret" object:

Below is an example of a secret object YAML configuration file:


Then we create our secret object using the below command:


Remark:

The values in a secret object are Base64-encoded. Base64 is an encoding, not encryption, so anyone who can read the object can decode the values.

Encoding our data for the secret object YAML file:

We use the Linux program "base64" to encode the "username=root" and "password=root_password" values used in the above secret object YAML configuration file:
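
The encoding step described above, as an added example that is not part of the original post: a shell script that Base64-encodes the `username` and `password` values and prints the matching Secret manifest. The Secret name `db-credentials` and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The Secret name
# "db-credentials" and the function names are assumptions.

# Encode a value exactly as given. printf '%s' adds no trailing newline;
# `echo root | base64` would encode "root\n" and yield cm9vdAo= instead.
b64_encode() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decoding needs no key: Base64 is an encoding, not encryption.
b64_decode() {
    printf '%s' "$1" | base64 --decode
}

# Secret names must be lowercase RFC 1123 subdomains, so names with
# underscores or upper-case letters are rejected by the API server.
valid_name() {
    printf '%s' "$1" |
        grep -Eq '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
}

# Print a Secret manifest holding one username/password pair.
make_secret() {
    name=$1 user=$2 pass=$3
    valid_name "$name" || { echo "invalid Secret name: $name" >&2; return 1; }
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: Opaque
data:
  username: $(b64_encode "$user")
  password: $(b64_encode "$pass")
EOF
}

make_secret db-credentials root root_password
echo "decoded: $(b64_decode cm9vdF9wYXNzd29yZA==)"
```

Piping the manifest to `kubectl apply -f -` creates the object. Because the stored password decodes without any key, read access to Secret objects has to be restricted separately.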

