A Secret is a Kubernetes resource that stores sensitive data like passwords, API keys, tokens, or certificates, separate from your application code and container image.
Important: Secrets are base64-encoded (not encrypted). For true encryption, enable etcd encryption at rest.
Think of a Secret like a password manager: it keeps your credentials safe and separate, and injects them only when needed, never baked into your app.
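The note above mentions etcd encryption at rest; the following is an added example (not part of the original page) of the kube-apiserver configuration that turns it on for Secrets. The file path, the key name key1 and the key placeholder are assumptions to replace with your own values.

```yaml
# /etc/kubernetes/enc/enc.yaml  (assumed path on the control-plane node)
# Passed to kube-apiserver with: --encryption-provider-config=/etc/kubernetes/enc/enc.yaml
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets                # encrypt Secret objects before they are written to etcd
    providers:
      # The first provider in the list is used for all new writes.
      - aescbc:
          keys:
            - name: key1       # assumed key name
              # Placeholder: a base64-encoded 32-byte random key,
              # e.g. the output of: head -c 32 /dev/urandom | base64
              secret: <BASE64_ENCODED_32_BYTE_KEY>
      # Fallback so Secrets written before encryption was enabled can still be read.
      # If identity were listed first, new Secrets would be stored unencrypted.
      - identity: {}
```

Secrets that already exist stay unencrypted in etcd until they are written again, so rewrite them after the API server restarts with this configuration. The file holds the encryption key, so restrict it to the user running kube-apiserver.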
Step 1: Create a Secret (using stringData for readability)
# db-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysql-creds
  namespace: dev
type: Opaque
# stringData takes plain-text values; they are stored base64-encoded under "data"
stringData:
  username: "admin"
  password: "s3cr3tP@ss123"
Note: stringData lets you write plain text; Kubernetes auto-encodes it to base64.
Apply it:
kubectl apply -f db-secret.yaml
Step 2: Use It in a Pod
# mysql-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-app
  namespace: dev
spec:
  containers:
    - name: app
      image: nginx
      env:
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: mysql-creds
              key: username
        - name: DB_PASS
          valueFrom:
            secretKeyRef:
              name: mysql-creds
              key: password
Apply and test:
kubectl apply -f mysql-pod.yaml
kubectl exec mysql-app -n dev -- printenv | grep DB_PASS
# Output: DB_PASS=s3cr3tP@ss123
Result: Your app gets secrets without hardcoding them!