๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

DevOps Intermediate

What is Kubernetes Secret?

A Kubernetes object for storing sensitive data like passwords, tokens, and certificates, with base64 encoding and optional encryption at rest.

Kubernetes Secrets store sensitive information separately from pod definitions and container images. They support types including Opaque (arbitrary data), kubernetes.io/tls (TLS certificates), and kubernetes.io/dockerconfigjson (container registry credentials). Secrets are base64-encoded by default (not encrypted) and can be encrypted at rest with EncryptionConfiguration. They are injected into pods as environment variables or mounted files. Best practices include using external secret managers (HashiCorp Vault, AWS Secrets Manager) with operators like External Secrets, enabling encryption at rest, limiting RBAC access to secrets, and rotating secrets regularly.

Related Terms

Container Registry
A storage and distribution service for container images, similar to a package repository but for Docker images.
YAML
A human-readable data serialization language commonly used for configuration files in DevOps tools and applications.
Postmortem
A structured analysis conducted after an incident to understand what happened, why, and how to prevent recurrence โ€” without assigning blame.
Continuous Deployment
A practice where every code change that passes automated tests is automatically deployed to production.
Immutable Infrastructure
An approach where servers are never modified after deployment โ€” changes require building and deploying entirely new server instances.
API Gateway
A server that acts as the single entry point for API requests, handling routing, authentication, rate limiting, and monitoring.
View All DevOps Terms โ†’