Understanding Kubernetes: Part 9 -Kubernetes Secret


Last updated 4 months ago

If you’ve been following our Kubernetes series 2025, welcome back! For new readers, check out Part 8, which covers ConfigMaps.

What is a Kubernetes Secret?

A Kubernetes Secret is an object used to store sensitive information, such as passwords, OAuth tokens, SSH keys, or certificates. It helps manage confidential data securely by avoiding hardcoding sensitive values in application code or configuration files. Secrets are stored in base64-encoded format and can be accessed by pods and applications in a secure way.

For example:

If your application requires a database password or an API key to access a third-party service, you can store these sensitive values in a Kubernetes Secret. The Secret can then be exposed to pods as environment variables or mounted as a volume, ensuring that sensitive data is handled securely, without exposing it in plaintext.

Kubernetes Secret Capabilities:

  • Secure Storage: Stores sensitive data within the Kubernetes cluster, in encrypted form when encryption at rest is enabled.

  • Access Control: Can be restricted with RBAC (Role-Based Access Control) to limit access to authorized users and services.

  • Multiple Usage: Can be injected as environment variables, volumes, or as part of a service account for pod authentication.

  • Base64 Encoding: While secrets are base64-encoded, it’s important to note that base64 is not encryption, so you should consider using encryption at rest for enhanced security.
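Encryption at rest, as mentioned in the last point, is configured on the API server. The following is an added example, not part of the original article, and assumes a self-managed control plane where you can pass `--encryption-provider-config` to kube-apiserver; the key name and key value are placeholders.

```yaml
# Added example: API server encryption-at-rest configuration for Secrets.
# Referenced by kube-apiserver via --encryption-provider-config=<path to this file>.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # The first provider in the list is used to encrypt new writes.
      - aescbc:
          keys:
            - name: key1                                  # placeholder key name
              secret: <BASE64-ENCODED-32-BYTE-KEY>        # placeholder, generate your own
      # identity (no encryption) stays last so Secrets written before
      # encryption was enabled can still be read.
      - identity: {}
```

Secrets that already exist stay unencrypted in etcd until they are written again, for example with `kubectl get secrets --all-namespaces -o json | kubectl replace -f -`.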

In my previous role:

As a Senior DevOps Engineer, I used Kubernetes Secrets to securely manage API keys and database credentials for microservices. For example, we stored sensitive credentials for a PostgreSQL database in a Secret and injected it into application containers as environment variables. This approach kept sensitive information secure while enabling easy access for applications. We also implemented RBAC policies to ensure only authorized services could access the secrets, adding an extra layer of security.

Here’s a simple YAML for a Kubernetes Secret:

apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
data:
  DB_USERNAME: cG93ZXI=        # 'power' in base64 encoding
  DB_PASSWORD: c2VjdXJlX2p3b3A=  # 'secure_jwop' in base64 encoding

This Secret contains the database username (power) and password (secure_jwop) encoded in base64. Pods can access these values by having the Secret injected as environment variables, ensuring that sensitive data is securely managed within the cluster. Kubernetes Secrets provide an essential mechanism for handling sensitive information in a secure and scalable way.
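One way a pod can consume the `db-credentials` Secret above, with RBAC scoping API reads to that single Secret. This is an added example, not from the original article; the namespace, image, pod name, Role name and ServiceAccount name are assumptions.

```yaml
# Added example. Only db-credentials and its keys come from the article;
# every other name here is hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: orders-api
  namespace: default
spec:
  # Assumption: the app never calls the Kubernetes API. The kubelet delivers
  # the Secret, so the pod itself needs no API token and no RBAC grant.
  automountServiceAccountToken: false
  containers:
    - name: app
      image: registry.example.com/orders-api:1.0   # placeholder image
      envFrom:
        - secretRef:
            name: db-credentials        # injects DB_USERNAME and DB_PASSWORD
      volumeMounts:
        - name: db-credentials          # same Secret as files, one per key
          mountPath: /etc/db-credentials
          readOnly: true
  volumes:
    - name: db-credentials
      secret:
        secretName: db-credentials
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-db-credentials
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["db-credentials"]   # this one Secret only
    verbs: ["get"]                      # list/watch omitted: they return Secret contents too
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-db-credentials
  namespace: default
subjects:
  - kind: ServiceAccount
    name: db-migrator                   # hypothetical account that reads via the API
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-db-credentials
```

In practice a workload would use either `envFrom` or the volume mount, not both; they are shown together here only to illustrate the two injection paths the article names.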
