Hello, readers! In this article, we will be focusing on Kubernetes Secrets in detail. So, let us begin! 🙂
What is a Kubernetes Secret?
A Kubernetes Secret is a Kubernetes API object that enables us to store a considerable amount of sensitive information. That is, it helps us manage the confidential information or sensitive data associated with an application, so that nobody has direct access to the confidential data as such.
The basic types of data that go into a Secret include passwords, database configuration details, authentication tokens, authentication JSON files, etc.
With a Secret in place, the sensitive data stays protected. Note that Secret values are only base64-encoded by default; they are encrypted in storage only when encryption at rest is configured for the cluster.
Types of Secrets in Kubernetes
We will look at the following types of Kubernetes Secrets:
- Opaque secret
- Service account token Secret
- Basic authentication secret
- SSH authentication secret
- TLS secrets
Let us now look at each of them in the upcoming sections.
1. Opaque Secret
This is the default Secret type in Kubernetes. We use the generic keyword with the command below to create an Opaque Secret:

kubectl create secret generic mysecret

To verify the created Secret, use the command below:

kubectl get secret mysecret

NAME       TYPE     DATA   AGE
mysecret   Opaque   0      1m2s
2. Service account token Secret
This type stores the token that helps the application identify the service account created in the namespace. When creating it, we need to set the kubernetes.io/service-account.name annotation to the name of the existing (already created) service account.
Template for creating a service account token Secret:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  annotations:
    kubernetes.io/service-account.name: "service-account"
type: kubernetes.io/service-account-token
data:
  # sensitive data
  key: value
3. Basic authentication secret
This type stores the credentials used for basic authentication. It requires two keys for which values need to be provided: ‘username’ and ‘password’.
Template for a basic authentication Secret:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: kubernetes.io/basic-auth
stringData:
  username: username
  password: password
4. SSH authentication secret
This type of Secret is used to store the data necessary for SSH authentication. It accepts the SSH credentials as a key-value pair whose key is named ‘ssh-privatekey’.
Template for an SSH auth Secret:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: kubernetes.io/ssh-auth
data:
  ssh-privatekey: |
    SSH credentials
5. TLS secret
In this type of Secret, we can store the standard certificates and the keys needed for TLS. We need to set the Secret type in the Secret file to kubernetes.io/tls.
Template for a TLS Secret:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: kubernetes.io/tls
data:
  tls.crt: |
    data
  tls.key: |
    data
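The per-type keys listed above can be checked before a manifest is applied. The following is an added example, not code from the original article or from Kubernetes: lint_secret and decode_data are hypothetical helper names, manifests are assumed to be already parsed into dicts, requiring both basic-auth keys follows the article's template, and the sample manifests are constructed.

```python
import base64
import binascii

# Keys each Secret type is expected to carry, following the templates above.
REQUIRED_KEYS = {
    "Opaque": set(),
    "kubernetes.io/service-account-token": set(),
    "kubernetes.io/basic-auth": {"username", "password"},
    "kubernetes.io/ssh-auth": {"ssh-privatekey"},
    "kubernetes.io/tls": {"tls.crt", "tls.key"},
}
SA_ANNOTATION = "kubernetes.io/service-account.name"


def lint_secret(manifest):
    """Return a list of problems in a Secret manifest given as a dict."""
    stype = manifest.get("type", "Opaque")  # Opaque is the default type
    if stype not in REQUIRED_KEYS:
        return [f"type not covered by this linter: {stype}"]
    problems = []
    data = manifest.get("data") or {}
    string_data = manifest.get("stringData") or {}
    # Values under 'data' must be base64; 'stringData' takes plain text.
    for key, value in data.items():
        try:
            base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError, TypeError):
            problems.append(f"data.{key} is not valid base64")
    for key in sorted(REQUIRED_KEYS[stype] - set(data) - set(string_data)):
        problems.append(f"missing required key: {key}")
    if stype == "kubernetes.io/service-account-token":
        annotations = manifest.get("metadata", {}).get("annotations") or {}
        if not annotations.get(SA_ANNOTATION):
            problems.append(f"missing annotation: {SA_ANNOTATION}")
    return problems


def decode_data(manifest):
    """Decode 'data' values: base64 is an encoding, not encryption."""
    return {k: base64.b64decode(v).decode() for k, v in manifest.get("data", {}).items()}


# Constructed sample manifests (not from a real cluster).
BASIC_AUTH = {"type": "kubernetes.io/basic-auth",
              "data": {"username": "YWRtaW4=", "password": "czNjcjN0"}}
TLS_BROKEN = {"type": "kubernetes.io/tls", "data": {"tls.crt": "not base64!"}}

if __name__ == "__main__":
    print(lint_secret(BASIC_AUTH), lint_secret(TLS_BROKEN), decode_data(BASIC_AUTH))
```

decode_data recovers the plain values from the constructed basic-auth manifest, which is why read access to Secret objects should be restricted like access to the credentials themselves.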
With this, we have come to the end of this topic. Feel free to comment below in case you come across any questions.
For more such posts related to Kubernetes and Docker, stay tuned with us.
Till then, Happy Learning!! 🙂