DevOps Intermediate

What is Kubernetes Secret?

A Kubernetes object for storing sensitive data like passwords, tokens, and certificates, with base64 encoding and optional encryption at rest.

Kubernetes Secrets store sensitive information separately from pod definitions and container images. They support types including Opaque (arbitrary data), kubernetes.io/tls (TLS certificates), and kubernetes.io/dockerconfigjson (container registry credentials). Secrets are base64-encoded by default (not encrypted) and can be encrypted at rest with EncryptionConfiguration. They are injected into pods as environment variables or mounted files. Best practices include using external secret managers (HashiCorp Vault, AWS Secrets Manager) with operators like External Secrets, enabling encryption at rest, limiting RBAC access to secrets, and rotating secrets regularly.
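
The sketch below is an added example, not part of the original glossary entry. It shows why base64 encoding protects nothing on its own, and how to tell from a raw etcd value whether encryption at rest is actually in effect. The Secret manifest, the two etcd byte strings and the function names are constructed for illustration; the check relies on the "k8s:enc:<provider>:" prefix that the API server writes in front of values encrypted through EncryptionConfiguration.

```python
import base64
import json

# Constructed sample in the shape of `kubectl get secret db-creds -o json`.
SAMPLE_SECRET = json.loads("""
{
  "apiVersion": "v1",
  "kind": "Secret",
  "type": "Opaque",
  "metadata": {"name": "db-creds", "namespace": "demo"},
  "data": {"username": "YXBwX3VzZXI=", "password": "ZXhhbXBsZS1vbmx5"}
}
""")

# Constructed raw values as they could look under /registry/secrets/ in etcd.
ETCD_ENCRYPTED = b"k8s:enc:aescbc:v1:key1:" + bytes.fromhex("8f12a4c09b7e")
ETCD_PLAIN = b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret" + b"...example-only..."


def decode_secret(manifest):
    """Return {key: bytes} for a Secret manifest. No key material is needed:
    anyone with read access to the object recovers every value."""
    if manifest.get("kind") != "Secret":
        raise ValueError("not a Secret manifest")
    decoded = {}
    for key, value in (manifest.get("data") or {}).items():
        decoded[key] = base64.b64decode(value, validate=True)
    # stringData is the plain-text input form of the same field.
    for key, value in (manifest.get("stringData") or {}).items():
        decoded[key] = value.encode()
    return decoded


def at_rest_provider(raw):
    """Return the encryption provider name recorded in a raw etcd value,
    or None when the value carries no encryption prefix (stored readable)."""
    if not raw.startswith(b"k8s:enc:"):
        return None
    # Layout: k8s:enc:<provider>:<version>:<rest>
    return raw.split(b":", 4)[2].decode()


if __name__ == "__main__":
    for key, value in decode_secret(SAMPLE_SECRET).items():
        print(f"{key} = {value.decode()}")
    print("encrypted sample ->", at_rest_provider(ETCD_ENCRYPTED))
    print("plain sample     ->", at_rest_provider(ETCD_PLAIN))
```

A result of None for a value read from etcd means the Secret is stored without an encryption provider, so etcd backups and snapshots need the same protection as the credentials themselves.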

Related Terms

Continuous Deployment
A practice where every code change that passes automated tests is automatically deployed to production.
Artifact Repository
A centralized storage system for build artifacts like compiled binaries, packages, and container images used in CI/CD pipelines.
Infrastructure as Code (IaC)
The practice of managing infrastructure through machine-readable configuration files rather than manual processes.
Containerization
A lightweight virtualization method that packages applications with their dependencies into isolated, portable containers.
Configuration Management
The practice of systematically managing and maintaining consistent server configurations across infrastructure.
SRE (Site Reliability Engineering)
An engineering discipline that applies software engineering principles to infrastructure and operations to create reliable systems.