When we develop applications, we keep our passwords and other sensitive data such as usernames, keys etc secured. Security is one of the main factors we need to consider when developing enterprise applications. Most of the time developers encode and save them. In the last article, we discussed how to move variables into a ConfigMap and store them. But the issue is these values are stored there in a plain text mode. This is definitely not the best method to store a password.

So, there come Kubernetes secrets. Secrets are used to store sensitive data. They are just the same as ConfigMaps but in secrets, data is stored in encoded or hash format.

A secret can be created and used in two simple methods. First, create a secret and inject them wherever you want to use it in Kubernetes.

Step 01: Creating secrets

There are two methods of creating secrets.

Method 01

Using kubectl command.

kubectl create secret generic

When creating the secret using the command specify the key-value pair in the command line.

kubectl create secret generic \
   <secrete_name> --from-literal=<KEY>=<VALUE>

Example:

kubectl create secret generic \
   my-secret --from-literal=USERNAME=admin

Here we created a secret named my-secret with a value, USERNAME=admin.This method is fine if you have only one or two secrets. But what if you need to add more than one secret. Then, this method will be a mess. Therefore we pass a file with key-value pair using the command option --from-file.

kubectl create secret generic \
   <secrete_name> --from-file=<PATH_TO_FILE>

Example:

First, create a file secrets.properties and add key-value pairs.

USERNAME: admin
PASSWORD: admin123

Then execute the command.

kubectl create secret generic \
   my-secret --from-file=secrets.properties

Here again, we created a secret named my-secret with two values, USERNAME=admin and PASSWORD=admin123.

Method 02

Using a file same as the ConfigMaps earlier. Create a file and name it secrets.yaml. Add the key-value pairs under the data section.

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  USERNAME: admin
  PASSWORD: admin123

As I mentioned earlier, secrets are used to store passwords and sensitive data in an encoded format. But here as you can see we have added the values in plain text format. This is not a very good method. So, when we use this method, we have to define the values in an encoded format.

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  USERNAME: YWRtaW4=
  PASSWORD: YWRtaW4xMjM=

Then execute the command.

kubectl apply -f secrets.yaml

You can encode secrets easily with the command echo -n "VALUE" | base64.

To decode use the command echo -n "VALUE" | base64 --decode.

Step 02: Inject secrets

Now we have created secrets and will see how to inject secrets into a pod. Let’s take the pod definition we created in the Kubernetes Pods article.

To add Kubernetes secrets add a new property called envFrom. This property is a list. So we can pass many environmental variables. Each item in the list corresponds to a secret item. Specify the name of the secret we created earlier to import the secrets.

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
      app: myapp
spec:
  containers:
    - name: nginx-container
      image: nginx
      envFrom:
        - secretRef:
              name: my-secret

This is only one method to inject variables. You can inject secrets as a single environmental variable

env:
  - name: USERNAME
    valueFrom:
      secretKeyRef:
        name: my-secret
        key: USERNAME

or inject all secrets in a file as a volume.

volumes:
- name: my-secret-volume
  secret:
    secretName: my-secret

If you inject secrets as a volume, each attribute in the secret is created as a file with the value of the secret as its content. Since we have two attributes, two files will be created. If you view the file, you will see the value of the key is in the content of the file.

Additionally

• To view the secrets kubectl get secrets.

• To describe secrets kubectl describe secret <secret_name>.

• To describe secret in YAML format kubectl get secret <secret_name> -o yaml.

Finally, this is all about secrets. In a nutshell, we discussed why secrets are important, how to create secrets and how to inject secrets into the pods. Leave your feedback. See you again with an interesting topic. Best of luck!!

Previous article: Kubernetes for Beginners — Part 08 (ConfigMaps)

👋 Join FAUN today and receive similar stories each week in your inbox! ️ Get your weekly dose of the must-read tech stories, news, and tutorials.

Follow us on Twitter 🐦 and Facebook 👥 and Instagram 📷 and join our Facebook and Linkedin Groups 💬

If this post was helpful, please click the clap 👏 button below a few times to show your support for the author! ⬇