DevOps Intermediate

What is Kubernetes Secret?

A Kubernetes object for storing sensitive data like passwords, tokens, and certificates, with base64 encoding and optional encryption at rest.

Kubernetes Secrets store sensitive information separately from pod definitions and container images. They support types including Opaque (arbitrary data), kubernetes.io/tls (TLS certificates), and kubernetes.io/dockerconfigjson (container registry credentials). Secrets are base64-encoded by default (not encrypted) and can be encrypted at rest with EncryptionConfiguration. They are injected into pods as environment variables or mounted files. Best practices include using external secret managers (HashiCorp Vault, AWS Secrets Manager) with operators like External Secrets, enabling encryption at rest, limiting RBAC access to secrets, and rotating secrets regularly.
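The following added example (not from the original glossary entry) shows why base64 is not protection and checks whether an EncryptionConfiguration actually encrypts Secrets on write. The Secret, the key placeholder and the helper names are constructed for illustration, and the config is written as a Python dict mirroring the YAML file's structure.

```python
import base64

def decode_secret(secret):
    """Recover every value under .data. base64 is an encoding, not encryption."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}

def write_provider(enc_config, resource="secrets"):
    """Name the provider the API server would use to write `resource` to etcd.

    The first provider of the first matching entry encrypts new writes;
    "identity" stores the value as-is. Simplification: only exact resource
    names and the "*.*" wildcard are matched.
    """
    for entry in enc_config.get("resources", []):
        names = entry.get("resources", [])
        if resource in names or "*.*" in names:
            providers = entry.get("providers", [])
            return next(iter(providers[0])) if providers else "identity"
    return "identity"  # not covered by any entry: stored unencrypted

def encrypted_at_rest(enc_config, resource="secrets"):
    """True when new writes of `resource` go through a real encryption provider."""
    return write_provider(enc_config, resource) != "identity"

# Constructed sample data: names, password and key placeholder are made up.
SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "db-credentials"},
    "data": {"password": base64.b64encode(b"constructed-example-pw").decode()},
}
AESCBC = {"aescbc": {"keys": [{"name": "key1", "secret": "<BASE64_32_BYTE_KEY>"}]}}
IDENTITY = {"identity": {}}

def make_config(providers):
    """Build an EncryptionConfiguration covering Secrets (hypothetical helper)."""
    return {"apiVersion": "apiserver.config.k8s.io/v1",
            "kind": "EncryptionConfiguration",
            "resources": [{"resources": ["secrets"], "providers": providers}]}

WEAK = make_config([IDENTITY, AESCBC])   # identity first: new Secrets stored in plaintext
FIXED = make_config([AESCBC, IDENTITY])  # aescbc first: new Secrets encrypted on write

if __name__ == "__main__":
    print(decode_secret(SECRET))
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(label, write_provider(cfg), encrypted_at_rest(cfg))
```

Changing the provider order affects only new writes; Secrets already in etcd stay in their previous form until they are rewritten.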

Related Terms

Error Budget
The acceptable amount of unreliability allowed for a service, calculated as 100% minus the Service Level Objective.
Ansible
An agentless automation tool for configuration management, application deployment, and task automation using YAML playbooks.
Istio
An open-source service mesh that provides traffic management, security, and observability for microservices on Kubernetes.
Runbook
A documented set of standardized procedures for handling routine operations and incident response in production systems.
Prometheus
An open-source monitoring and alerting toolkit that collects time-series metrics using a pull-based model.
Message Queue
A communication mechanism that enables asynchronous message passing between services, decoupling producers from consumers.