Kubernetes Secrets – All you need to know!

Filed Under: Random
Kubernetes Secrets

Hello, readers! In this article, we will be focusing on Kubernetes Secrets in detail. So, let us begin! 馃檪

What is a Kubernetes Secrets?

A Kubernetes Secrets is a k8 API object that enables us to store a considerable about of sensitive information into it. That is, it helps us manage confidential information or sensitive data that is associated with the application within it so that nobody has direct access to the confidential data as such.

The basic type of data that goes into the secret includes passwords, database configuration details, Authentication tokens, Authentication JSON files, etc.

Having secret in place, the sensitive data stays protected as well as encrypted.

Types of Secrets in Kubernetes

We will be having a look at the below types of Kubernetes Secrets

  1. Opaque secret
  2. Service account token Secret
  3. Basic authentication secret
  4. SSH authentication secret
  5. TLS secrets

Let us now have a look at each one of them in the upcoming section.

1. Opaque Secret

This is the default secret type available in Kubernetes. We need to use generic keyword alongside the below command to create an Opaque secret-

kubectl create secret generic secret-name

To verify the created secret, use the below command-

kubectl get secret mysecret


NAME        TYPE     DATA   AGE
mysecret   Opaque     0     1m2s

2. Service account token Secret:

It is used to store the token that will help the application identify the service account created in the namespace. While creating the same, we need to specify kubernetes.io/service-account.name聽annotation to be configured to the existing/created service-account name.

Template of the service account token secret creation-

apiVersion: v1
kind: Secret
  name: mysecret
    kubernetes.io/service-account.name: "service-account"
type: kubernetes.io/service-account-token
  # sensitive data
  key: value

3. Basic authentication secret:

It stores the basic authentication secrets into it. To add, it requires two keys against which the values needs to be provided: ‘username’ and ‘password’. Template of basic authentication secret–

apiVersion: v1
kind: Secret
  name: mysecret
type: kubernetes.io/basic-auth
  username: username
  password: password

4. SSH authentication secret

This type of secret is used to store data that is necessary for SSH authentication. For the same, it accepts data in a private key-value pair named as ‘ssh-privatekey’ to store the SSH credentials. Template for SSH auth secret–

apiVersion: v1
kind: Secret
  name: mysecret
type: kubernetes.io/ssh-auth
  ssh-privatekey: |
          SSH credentials

5. TLS secret

In this type of secret, we can store necessary and standard authentication certificates and the keys needed to authenticate for TLS. We need to mention the secret type in the secret file as kubernetes.io/tls.

Template for TLS secret–

apiVersion: v1
kind: Secret
  name: mysecret
type: kubernetes.io/tls
  tls.crt: |
  tls.key: |


By this, we have come to the end of this topic. Feel free to comment below, in case you come across any question.

For more such posts related to Kubernetes and Docker, Stay tuned with us.

Till then, Happy Learning!! 馃檪

Generic selectors
Exact matches only
Search in title
Search in content