
DevOps Intermediate

What is Kubernetes Secret?

A Kubernetes object for storing sensitive data like passwords, tokens, and certificates, with base64 encoding and optional encryption at rest.

Kubernetes Secrets store sensitive information separately from pod definitions and container images. They support types including Opaque (arbitrary data), kubernetes.io/tls (TLS certificates), and kubernetes.io/dockerconfigjson (container registry credentials). Secrets are base64-encoded by default (not encrypted) and can be encrypted at rest with EncryptionConfiguration. They are injected into pods as environment variables or mounted files. Best practices include using external secret managers (HashiCorp Vault, AWS Secrets Manager) with operators like External Secrets, enabling encryption at rest, limiting RBAC access to secrets, and rotating secrets regularly.
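An added example (not part of the original glossary entry) illustrating two points from the paragraph above: base64 in a Secret is reversible by anyone who can read the object, and values written through an EncryptionConfiguration provider are stored in etcd with a `k8s:enc:<provider>:` prefix, which gives a quick check that encryption at rest is actually in effect. The Secret, its values, and the raw etcd byte strings are constructed samples, and the function names are hypothetical.

```python
import base64
import json

# Constructed sample shaped like `kubectl get secret db-creds -o json`; values are made up.
SECRET_JSON = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "type": "Opaque",
    "metadata": {"name": "db-creds", "namespace": "demo"},
    "data": {
        "username": base64.b64encode(b"app_user").decode(),
        "password": base64.b64encode(b"constructed-example-pw").decode(),
    },
})

# Constructed raw etcd values (assumption: read from a key under /registry/secrets/).
ETCD_ENCRYPTED = b"k8s:enc:aescbc:v1:key1:" + bytes(range(16, 48))
ETCD_PLAINTEXT = b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret" + b"...password..."


def decode_secret(manifest_json: str) -> dict:
    """Recover every value in .data; base64 needs no key, only read access."""
    data = json.loads(manifest_json).get("data") or {}
    return {k: base64.b64decode(v).decode("utf-8", "replace") for k, v in data.items()}


def etcd_storage_state(raw: bytes) -> str:
    """Classify a raw etcd value for a Secret by its leading bytes."""
    if raw.startswith(b"k8s:enc:"):
        # Encrypted values are prefixed k8s:enc:<provider>:<version>:...
        parts = raw.split(b":", 4)
        provider = parts[2].decode("ascii", "replace") if len(parts) > 2 else ""
        return f"encrypted:{provider or 'unknown'}"
    if raw.startswith(b"k8s\x00"):
        # Unencrypted objects are stored as protobuf with this magic header.
        return "plaintext"
    return "unknown"


if __name__ == "__main__":
    print(decode_secret(SECRET_JSON))
    for sample in (ETCD_ENCRYPTED, ETCD_PLAINTEXT):
        print(etcd_storage_state(sample))
```

A `plaintext` result for a Secret created after encryption was configured means the provider order or resource list in the EncryptionConfiguration needs review; Secrets written before it was enabled stay unencrypted until they are rewritten.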

Related Terms

GitOps
A practice where Git repositories serve as the single source of truth for both application code and infrastructure configuration.
Trunk-Based Development
A source control strategy where developers integrate small changes directly into the main branch frequently, often multiple times per day.
ArgoCD
A declarative GitOps continuous delivery tool for Kubernetes that automatically syncs cluster state with Git repositories.
GitHub Actions
A CI/CD platform integrated into GitHub that automates build, test, and deployment workflows using YAML configuration.
Terraform
An open-source tool for provisioning and managing cloud infrastructure using declarative configuration files.
Makefile
A file containing build rules and commands that automates compilation and common project tasks using the make utility.