๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

DevOps Intermediate

What is Kubernetes Secret?

A Kubernetes object for storing sensitive data like passwords, tokens, and certificates, with base64 encoding and optional encryption at rest.

Kubernetes Secrets store sensitive information separately from pod definitions and container images. They support types including Opaque (arbitrary data), kubernetes.io/tls (TLS certificates), and kubernetes.io/dockerconfigjson (container registry credentials). Secrets are base64-encoded by default (not encrypted) and can be encrypted at rest with EncryptionConfiguration. They are injected into pods as environment variables or mounted files. Best practices include using external secret managers (HashiCorp Vault, AWS Secrets Manager) with operators like External Secrets, enabling encryption at rest, limiting RBAC access to secrets, and rotating secrets regularly.

Related Terms

Grafana
An open-source analytics and visualization platform for creating dashboards from various data sources.
Rolling Update
A deployment strategy that gradually replaces old application instances with new ones, maintaining availability throughout.
Observability
The ability to understand a system's internal state from its external outputs through metrics, logs, and traces.
Log Aggregation
The process of collecting, centralizing, and indexing log data from multiple sources for unified search and analysis.
Vault
A tool by HashiCorp for securely managing secrets, encryption keys, and certificates with dynamic secret generation.
Infrastructure Drift
The divergence between the actual state of infrastructure and its defined desired state, caused by manual changes or untracked modifications.
View All DevOps Terms โ†’