๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

DevOps Intermediate

What is Kubernetes Secret?

A Kubernetes object for storing sensitive data like passwords, tokens, and certificates, with base64 encoding and optional encryption at rest.

Kubernetes Secrets store sensitive information separately from pod definitions and container images. They support types including Opaque (arbitrary data), kubernetes.io/tls (TLS certificates), and kubernetes.io/dockerconfigjson (container registry credentials). Secrets are base64-encoded by default (not encrypted) and can be encrypted at rest with EncryptionConfiguration. They are injected into pods as environment variables or mounted files. Best practices include using external secret managers (HashiCorp Vault, AWS Secrets Manager) with operators like External Secrets, enabling encryption at rest, limiting RBAC access to secrets, and rotating secrets regularly.
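The difference between base64 encoding and encryption at rest can be checked directly. The following is an added example, not code from this page or from the Kubernetes project. The manifest and etcd values are constructed samples and the function names are hypothetical; it assumes the manifest has the shape returned by `kubectl get secret -o json` and that the API server marks encrypted etcd values with a `k8s:enc:<provider>:v1:` prefix.

```python
import base64

# Data keys the API server requires for the Secret types named above.
REQUIRED_KEYS = {
    "Opaque": set(),
    "kubernetes.io/tls": {"tls.crt", "tls.key"},
    "kubernetes.io/dockerconfigjson": {".dockerconfigjson"},
}

# Constructed sample manifest (not from a real cluster).
SAMPLE = {
    "apiVersion": "v1",
    "kind": "Secret",
    "type": "Opaque",
    "metadata": {"name": "db-credentials"},
    "data": {"username": "YWRtaW4=", "password": "czNjcjN0"},
}

def decode_secret(manifest: dict) -> dict:
    """Recover every `data` value. No key is involved, only base64 decoding."""
    return {
        name: base64.b64decode(value, validate=True).decode("utf-8", "replace")
        for name, value in manifest.get("data", {}).items()
    }

def missing_keys(manifest: dict) -> set:
    """Keys that the Secret's declared type requires but `data` lacks."""
    required = REQUIRED_KEYS.get(manifest.get("type", "Opaque"), set())
    return required - set(manifest.get("data", {}))

def at_rest_provider(etcd_value: bytes) -> str:
    """Classify a raw etcd value by its prefix; no prefix means stored unencrypted."""
    if etcd_value.startswith(b"k8s:enc:"):
        return etcd_value.split(b":", 3)[2].decode()
    return "plaintext"

if __name__ == "__main__":
    print(decode_secret(SAMPLE))                            # anyone with read access gets this
    print(at_rest_provider(b"k8s:enc:aescbc:v1:key1:..."))  # constructed encrypted value
    print(at_rest_provider(b"k8s\x00\n\x0c"))               # constructed unencrypted value
```

Anyone who can read the Secret through the API or read an unencrypted etcd backup gets the values `decode_secret` returns, which is why RBAC limits and EncryptionConfiguration are both needed.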

Related Terms

Docker Compose
A tool for defining and running multi-container Docker applications using a YAML configuration file.
GitFlow
A branching model for Git that defines a strict workflow with feature, develop, release, hotfix, and main branches.
Canary Deployment
A deployment strategy that gradually rolls out changes to a small subset of users before deploying to the entire infrastructure.
Trunk-Based Development
A source control strategy where developers integrate small changes directly into the main branch frequently, often multiple times per day.
Observability
The ability to understand a system's internal state from its external outputs through metrics, logs, and traces.
Prometheus
An open-source monitoring and alerting toolkit that collects time-series metrics using a pull-based model.