Today, most of the applications we build need access to different sources, databases, services or other things in order to work.
In such cases we should find a way to organize and store our sensitive information properly and securely, while still accessing it easily from our application.
When using Kubernetes as an orchestration system, we have two options for storing our sensitive information: Secrets or ConfigMaps.
The k8s documentation itself clearly states that:
“Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.”
For that reason, we’ll use the Secrets approach, and in the following we’ll explain different ways to create and store them in a Kubernetes cluster.
Create Kubernetes secrets
To create a completely new “secrets object” in Kubernetes, you need to call a few kubectl commands.
First of all we need to create a new file containing the configuration we want to push to a k8s cluster. Let’s assume this file is called secrets.json. From this point there are two simple ways to create the k8s secret. The first one is the “long” way, and we do that by executing the following commands (--dry-run=client makes kubectl write the manifest to secret.yaml without creating the secret in the cluster first):
kubectl create secret generic NAME_OF_SECRET --from-file=secrets.json --dry-run=client -o yaml > secret.yaml
kubectl apply -f .\secret.yaml --record
Or we can do it the “short” way with a one-line command, without needing the temporary secret.yaml file:
kubectl create secret generic NAME_OF_SECRET --from-file=secrets.json --dry-run=client -o yaml | kubectl apply -f -
Notice that you’ll have to replace NAME_OF_SECRET with the name you want to give the secret.
Using Lens tool
Another option is to use the open-source IDE for Kubernetes named Lens.
When you open the Lens dashboard, on the left-side menu you’ll see the Configuration menu, and under it the Secrets menu. Clicking it takes you to this view containing the list of available secrets for the given namespace(s).
Click the + button and a modal will pop up where you add the basic information about the secret you are going to create, and it will look like this.
Under SECRET NAME write the name of the secret you want to push. Then choose the desired namespace in which the secret will live. For the secret type, make sure to choose Opaque, which is an arbitrary type that allows entering user-defined data.
We also need to define the configuration of the k8s object, in our case a k8s secret. We do that under the ANNOTATIONS section, where the Name should be kubectl.kubernetes.io/last-applied-configuration and the value should be a JSON configuration text like the following one:
{
  "apiVersion": "v1",
  "data": {
    "app.json": "ewogICJLZXkiOiAidmFsdWUiCn0="
  },
  "kind": "Secret",
  "metadata": {
    "annotations": {},
    "name": "secrets",
    "namespace": "default"
  },
  "type": "Opaque"
}
You can see that under data we’ve defined app.json with a base64-encoded value, which is typically the secret information we pass to the DATA section of the modal; here it is this basic JSON:
{
  "Key": "value"
}
At this point the secret is ready to be created, and when you click Create you’ll see it listed under the secrets table.
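The Secret object from the steps above, as an added example in Python (not code from the original post): it rebuilds the same manifest from the app.json content, shows that the data value decodes with plain base64 and no key, and that a copy of the manifest stored in the last-applied-configuration annotation exposes the same value through the object's metadata. The function names are hypothetical and the sample content is the page's own app.json.

```python
import base64
import json

LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"
# Constructed sample: the content of app.json shown on the page.
PLAINTEXT = b'{\n  "Key": "value"\n}'


def build_secret(name, namespace, files):
    """Build an Opaque Secret manifest from {filename: bytes}."""
    data = {f: base64.b64encode(c).decode("ascii") for f, c in files.items()}
    return {
        "apiVersion": "v1",
        "data": data,
        "kind": "Secret",
        "metadata": {"annotations": {}, "name": name, "namespace": namespace},
        "type": "Opaque",
    }


def decode_data(manifest):
    """Recover the plaintext of every data key; base64 needs no key."""
    return {k: base64.b64decode(v) for k, v in manifest.get("data", {}).items()}


def readable_from_annotation(manifest):
    """Return plaintext recoverable from the last-applied-configuration annotation."""
    annotations = manifest.get("metadata", {}).get("annotations") or {}
    raw = annotations.get(LAST_APPLIED)
    if raw is None:
        return {}
    try:
        return decode_data(json.loads(raw))
    except (ValueError, TypeError, AttributeError):
        return {}  # annotation is not a JSON manifest: nothing to decode


def annotate(manifest):
    """Store the manifest in its own annotation, as in the Lens step."""
    out = json.loads(json.dumps(manifest))  # deep copy, input stays untouched
    out["metadata"]["annotations"][LAST_APPLIED] = json.dumps(manifest)
    return out


if __name__ == "__main__":
    secret = annotate(build_secret("secrets", "default", {"app.json": PLAINTEXT}))
    print(secret["data"]["app.json"])
    print(readable_from_annotation(secret))
```

Because the value is encoded rather than encrypted, read access to the Secret object, or to any saved copy of its manifest such as secret.yaml, is read access to the plaintext.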