
DevOps Intermediate

What is Kubernetes Secret?

A Kubernetes object for storing sensitive data like passwords, tokens, and certificates, with base64 encoding and optional encryption at rest.

Kubernetes Secrets store sensitive information separately from pod definitions and container images. They support types including Opaque (arbitrary data), kubernetes.io/tls (TLS certificates), and kubernetes.io/dockerconfigjson (container registry credentials). Secrets are base64-encoded by default (not encrypted) and can be encrypted at rest with EncryptionConfiguration. They are injected into pods as environment variables or mounted files. Best practices include using external secret managers (HashiCorp Vault, AWS Secrets Manager) with operators like External Secrets, enabling encryption at rest, limiting RBAC access to secrets, and rotating secrets regularly.
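
An added example, not part of the original glossary entry: it decodes a constructed Secret manifest without any key, then checks raw etcd values for the `k8s:enc:<provider>:v1:` prefix the API server writes when an EncryptionConfiguration provider is active. The manifest, the etcd byte strings and the function names are constructed for illustration.

```python
import base64

# Constructed manifest, shaped like `kubectl get secret -o json` output.
SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "type": "Opaque",
    "metadata": {"name": "db-credentials", "namespace": "default"},
    "data": {"username": "YWRtaW4=", "password": "cGFzc3dvcmQ="},
}

# Constructed raw etcd values for the same object (payload bytes are dummies).
ENCRYPTED_VALUE = b"k8s:enc:aescbc:v1:key1:" + bytes.fromhex("8f1c3a5be07d42:".encode().hex())
PLAINTEXT_VALUE = b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret" + b"...password..."


def decode_secret(manifest):
    """Return {key: plaintext} for a Secret's data field.

    base64 is an encoding: anyone who can read the object (RBAC get/list on
    secrets, a manifest in Git, an etcd backup) recovers the values with no key.
    """
    return {
        key: base64.b64decode(value).decode("utf-8")
        for key, value in manifest.get("data", {}).items()
    }


def at_rest_provider(raw_etcd_value):
    """Return the encryption provider named in the etcd value's envelope.

    Values written through an encrypting provider start with
    k8s:enc:<provider>:v1:<key name>: ; anything else is stored unencrypted.
    """
    if not raw_etcd_value.startswith(b"k8s:enc:"):
        return None
    # maxsplit keeps colons inside the ciphertext from breaking the parse
    parts = raw_etcd_value.split(b":", 4)
    if len(parts) < 5 or parts[3] != b"v1":
        return None
    return parts[2].decode("ascii")


if __name__ == "__main__":
    print("decoded without a key:", decode_secret(SAMPLE_SECRET))
    for label, raw in (("encrypted", ENCRYPTED_VALUE), ("plaintext", PLAINTEXT_VALUE)):
        provider = at_rest_provider(raw)
        print(label, "->", provider or "NOT encrypted at rest")
```

Secrets written before encryption at rest was enabled stay in their old form until they are rewritten, so a check like this is worth running over existing objects and not only new ones.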

Related Terms

Container Registry
A storage and distribution service for container images, similar to a package repository but for Docker images.
Grafana
An open-source analytics and visualization platform for creating dashboards from various data sources.
Terraform
An open-source tool for provisioning and managing cloud infrastructure using declarative configuration files.
SonarQube
A platform for continuous code quality inspection that detects bugs, vulnerabilities, and code smells through static analysis.
Helm
A package manager for Kubernetes that simplifies deploying and managing applications using reusable, configurable charts.
GitOps
A practice where Git repositories serve as the single source of truth for both application code and infrastructure configuration.