https://drive.google.com/file/d/1sU2A8o26AZGml3tADoaY0gnO_GresyXy/view?usp=sharing

🎯 What It Is

Kubernetes Secrets support two ways to define sensitive values:

• data: Requires base64-encoded strings (hard to read/write)
• stringData: Accepts plain-text strings (Kubernetes auto-encodes them)

✅ Always prefer stringData — it’s human-readable, less error-prone, and easier to manage.

💡 Real-World Analogy

Writing a password:

• data: You manually encode it → cGFzc3dvcmQ=
• stringData: You write it normally → password → system handles encoding

🧪 Example: Create a Secret with stringData (Recommended)

Step 1: Define Secret with stringData

# api-secret.yaml
apiVersion: v1
kind: Secret
meta
  name: github-creds
  namespace: ci

  # Plain text — no base64!
  token: "ghp_AbC123xYz456"
  username: "dev-team-bot"

Apply it:

kubectl apply -f api-secret.yaml

Step 2: Verify Kubernetes Encoded It

kubectl get secret github-creds -n ci -o yaml

✅ You’ll see:

  token: Z2hwX0FiQzEyM3hZejQ1Ng==   # auto-encoded
  username: ZGV2LXRlYW0tYm90          # auto-encoded

Step 3: Use in a Pod

spec:
  containers:
  - name: ci-runner
    image: alpine
    env:
    - name: GITHUB_TOKEN
      valueFrom:
        secretKeyRef:
          name: github-creds
          key: token