☑️Day 42: Exploring Secrets in Kubernetes🚀


🔹Table of Contents:

  • Introduction

  • Benefits of Using Secrets

  • Creating and Managing Secrets

  • Real-Time Scenarios for Using Secrets

  • Hands-On Tasks

  • Detailed Commands and Examples

  • Common Challenges and Troubleshooting


✅What are Secrets in Kubernetes?

  • Secrets are used to store sensitive data, like passwords, API keys, and certificates, separately from the application code.

  • They provide a more secure way to store sensitive information compared to ConfigMaps. Their values are stored base64 encoded, which anyone who can read the Secret can reverse.

  • Kubernetes Secrets are not encrypted by default but are encoded to prevent accidental exposure.

✅Why Use Secrets?

  • Secure Storage: Helps keep sensitive information separate from application code and configuration.

  • Access Control: Secrets can be accessed only by the Pods that have been granted access.

  • Simplified Management: Managing secrets across different environments (Dev, Test, Prod) becomes easier and more secure.


✅Creating Secrets in Kubernetes

1. Using kubectl Command

You can create a secret using the kubectl command:

kubectl create secret generic my-secret --from-literal=username=admin --from-literal=password=secret123

2. Creating Secrets Using a YAML File

A YAML file can also be used to create secrets. Here’s an example of a secret.yaml file:

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: YWRtaW4=  # base64 encoded "admin"
  password: c2VjcmV0MTIz  # base64 encoded "secret123"

Apply the YAML file with:

kubectl apply -f secret.yaml

✅Encoding and Decoding Secrets

  • Encode a String to Base64:

      echo -n "admin" | base64
    
  • Decode a Base64 String:

      echo -n "YWRtaW4=" | base64 --decode
    

✅Tasks Performed

Task 1: Decode a Secret in YAML Format

  1. Create a file named application.properties with some sensitive information.

     echo "db.username=admin" > application.properties
     echo "db.password=secret123" >> application.properties
    
  2. Store the contents in a Secret using kubectl (the values are base64 encoded, not encrypted):

     kubectl create secret generic app-secrets --from-file=application.properties
    
  3. View the secret in YAML format (note that the data will be base64 encoded):

     kubectl get secret app-secrets -o yaml
    
  4. Decode the data manually to verify:

     echo -n "<base64_encoded_value>" | base64 --decode
    

Task 2: Create a Secret from environment.sh

  1. Create the environment.sh file with the following content:

     echo "variable1=value1" > environment.sh
    
  2. Create a secret using the file:

     kubectl create secret generic env-secret --from-file=environment.sh
    
  3. View the created secret:

     kubectl get secret env-secret -o yaml
    
  4. Decode the base64 encoded values:

     echo -n "<base64_encoded_value>" | base64 --decode
    

Task 3: Create Secrets for MySQL

  1. Base64 encode the MySQL username and password:

     echo -n "mysqluser" | base64
     echo -n "mysqlpassword" | base64
    
  2. Create a mysql-secret.yaml file:

     apiVersion: v1
     kind: Secret
     metadata:
       name: mysql-secret
     type: Opaque
     data:
       databaseusername: bXlzcWx1c2Vy  # base64 encoded "mysqluser"
       databasepassword: bXlzcWxwYXNzd29yZA==  # base64 encoded "mysqlpassword"
    
  3. Apply the secret:

     kubectl apply -f mysql-secret.yaml
    
  4. Verify the created secret:

     kubectl get secret mysql-secret -o yaml
    
  5. Decode to confirm the values:

     echo -n "bXlzcWx1c2Vy" | base64 --decode
     echo -n "bXlzcWxwYXNzd29yZA==" | base64 --decode
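
Added example (not part of the original post): a shell function that performs the manual decode step from the tasks above for every key under `data:` at once, reading a Secret manifest on stdin. It also flags values whose decoded form ends in a newline, which is what gets stored when the `-n` in `echo -n` is left out; the function names and the `badvalue` key are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: decode every entry under `data:`
# of a Secret manifest read from stdin (a file, or `kubectl get secret NAME -o yaml`).
decode_secret_data() {
  awk '
    /^[ \t]*data:[ \t]*$/ { match($0, /^[ \t]*/); base = RLENGTH; in_data = 1; next }
    in_data {
      match($0, /^[ \t]*/)
      if (RLENGTH <= base) { in_data = 0; next }  # indentation dropped: block ended
      sub(/[ \t]+#.*$/, "")                       # strip a trailing YAML comment
      key = $1; sub(/:$/, "", key)
      print key, $2
    }
  ' | while read -r key value; do
    plain=$(printf '%s' "$value" | base64 --decode)
    # $(...) strips trailing newlines, so check the last decoded byte separately.
    last=$(printf '%s' "$value" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then
      printf '%s=%s  (value ends in a newline: encoded without echo -n)\n' "$key" "$plain"
    else
      printf '%s=%s\n' "$key" "$plain"
    fi
  done
}

# Constructed input: the Task 3 values in the key order kubectl prints, plus a
# hypothetical key "badvalue" made with `echo "admin" | base64` (no -n).
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
data:
  databasepassword: bXlzcWxwYXNzd29yZA==  # base64 encoded "mysqlpassword"
  databaseusername: bXlzcWx1c2Vy  # base64 encoded "mysqluser"
  badvalue: YWRtaW4K
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
EOF
}

sample_manifest | decode_secret_data
```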
    

✅Real-Time Scenarios Where Kubernetes Secrets Are Useful

  • Database Credentials: Storing database usernames and passwords securely.

  • API Keys and Tokens: Managing access tokens for third-party services.

  • SSL Certificates: Storing SSL certificates to enable secure communication.


✅Commands Recap

  • Create a Secret from literals:

      kubectl create secret generic my-secret --from-literal=username=admin
    
  • Create a Secret from a file:

      kubectl create secret generic my-secret --from-file=application.properties
    
  • Encode to Base64:

      echo -n "value" | base64
    
  • Decode from Base64:

      echo -n "encoded_value" | base64 --decode
    
  • Apply a YAML file:

      kubectl apply -f secret.yaml
    
  • Get a Secret in YAML format:

      kubectl get secret my-secret -o yaml
    
  • Delete a Secret:

      kubectl delete secret my-secret
    

🚀Thanks for joining me on Day 42! Let’s keep learning and growing together!

Happy Learning! 😊

#90DaysOfDevOps
