DevOps Intermediate

What is Kubernetes Secret?

A Kubernetes object for storing sensitive data like passwords, tokens, and certificates, with base64 encoding and optional encryption at rest.

Kubernetes Secrets store sensitive information separately from pod definitions and container images. They support types including Opaque (arbitrary data), kubernetes.io/tls (TLS certificates), and kubernetes.io/dockerconfigjson (container registry credentials). Secrets are base64-encoded by default (not encrypted) and can be encrypted at rest with EncryptionConfiguration. They are injected into pods as environment variables or mounted files. Best practices include using external secret managers (HashiCorp Vault, AWS Secrets Manager) with operators like External Secrets, enabling encryption at rest, limiting RBAC access to secrets, and rotating secrets regularly.

Learn More About This Topic

Microservices with Docker and Kubernetes

Related reading

Kubernetes Fundamentals

Related reading

Kubernetes Security & Best Practices

Related reading

Related Terms

Chaos Engineering

The discipline of deliberately introducing failures into a system to test its resilience and identify weaknesses before they cause outages.

A popular log management platform combining Elasticsearch (search), Logstash (processing), and Kibana (visualization).

A declarative GitOps continuous delivery tool for Kubernetes that automatically syncs cluster state with Git repositories.

A server that acts as the single entry point for API requests, handling routing, authentication, rate limiting, and monitoring.

Immutable Deployment

A deployment strategy where new versions replace existing instances entirely rather than updating them in place.

A branching model for Git that defines a strict workflow with feature, develop, release, hotfix, and main branches.

View All DevOps Terms →