Kubernetes Secrets

Kubernetes Secrets allow you to manage sensitive information such as credentials or security certificates.

Possibly the best way to deal with secrets is with kubeseal.

$ kubectl --namespace default create secret generic mysecret --dry-run=client \
  --from-literal key=value --output json | kubeseal | tee secret.json

This will produce an encrypted version of your secret, which you can then safely store in git and apply in the normal way:

$ kubectl create -f secret.json

You will need to have a Kubernetes cluster configured in order to use kubeseal. It uses asymmetric encryption, so only the controller running in the target cluster can decrypt the sealed secret.
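Only the sealed output is safe to commit, so it helps to check a repository for manifests that still hold a plain Secret. The script below is an added example, not part of the original page or of the kubeseal project; the function names and sample files are constructed, and it assumes manifests are .json, .yaml or .yml files with each "kind" key on its own line.

```shell
#!/bin/sh
# Added example: list manifests whose kind is a plain Secret rather than a
# SealedSecret. This is a line-based heuristic, not a full JSON/YAML parser.

find_plain_secrets() {
    dir=${1:-.}
    # JSON form: "kind": "Secret"   ("SealedSecret" does not match)
    json_re='"kind"[[:space:]]*:[[:space:]]*"Secret"'
    # YAML form: kind: Secret, optionally quoted or inside a list item
    yaml_re="^[[:space:]-]*kind:[[:space:]]*[\"']?Secret[\"']?[[:space:]]*\$"
    find "$dir" -type f \( -name '*.json' -o -name '*.yaml' -o -name '*.yml' \) \
        -exec grep -lE -e "$json_re" -e "$yaml_re" {} + | sort
}

# Returns 0 when nothing needs sealing, 1 otherwise (suitable for a git hook).
check_repo() {
    hits=$(find_plain_secrets "${1:-.}")
    if [ -z "$hits" ]; then
        return 0
    fi
    printf 'Plain Secret manifests found, seal them before committing:\n%s\n' "$hits" >&2
    return 1
}

# Constructed sample data: two plain Secrets and one sealed one.
demo() {
    tmp=$(mktemp -d)
    printf '{"kind": "Secret", "apiVersion": "v1", "data": {"key": "dmFsdWU="}}\n' \
        > "$tmp/plain.json"
    printf '{"kind": "SealedSecret", "apiVersion": "bitnami.com/v1alpha1"}\n' \
        > "$tmp/secret.json"
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: mysecret\n' \
        > "$tmp/plain.yaml"
    find_plain_secrets "$tmp"   # lists plain.json and plain.yaml only
    rm -rf "$tmp"
}

demo
```

Calling check_repo on the repository root from a pre-commit hook or CI job blocks the commit or build when a plain Secret manifest is present.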

Cloud services usually have some sort of secrets manager component too. If you store your secrets there, you can use something like external-secrets.io to retrieve them from your cloud provider and inject them into your Kubernetes cluster.

See Also

Kubernetes Configuration Best Practices
