Kubernetes: The Truth No One Wants To Tell About Secret


What is Secret

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don’t need to include confidential data in your application code. — Kubernetes Official documentation

apiVersion: v1
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: { ... }
  creationTimestamp: 2020-01-22T18:41:56Z
  name: mysecret
  namespace: default
  resourceVersion: "164619"
  uid: cfee02d6-c137-11e5-8d73-42010af00002
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

Kubernetes mechanisms to keep Secret data safe and secured

The Hard Truth About Secrets On Production

Actually, Secret data is only base64-encoded. You only need to apply a base64 decode and you'll get the plain data.
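The point above, shown on the manifest from this page, as an added example that is not from the original article. It assumes the Secret is available as JSON (the shape `kubectl get secret -o json` returns); `decode_secret` and `MANIFEST` are hypothetical names introduced here.

```python
import base64
import binascii
import json

# The page's Secret manifest, re-expressed as JSON for this example
# (bookkeeping metadata fields omitted; the data values are the page's own).
MANIFEST = """
{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {"name": "mysecret", "namespace": "default"},
  "type": "Opaque",
  "data": {"username": "YWRtaW4=", "password": "MWYyZDFlMmU2N2Rm"}
}
"""


def decode_secret(manifest_json):
    """Return {key: value} for every entry under `data` in a Secret manifest.

    Values that are valid UTF-8 come back as str; anything else
    (for example DER-encoded keys) comes back as raw bytes.
    """
    obj = json.loads(manifest_json)
    if obj.get("kind") != "Secret":
        raise ValueError("not a Secret manifest")
    decoded = {}
    for key, b64 in (obj.get("data") or {}).items():
        try:
            # No key is involved: base64 is an encoding, not encryption.
            raw = base64.b64decode(b64, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"data[{key!r}] is not valid base64") from exc
        try:
            decoded[key] = raw.decode("utf-8")
        except UnicodeDecodeError:
            decoded[key] = raw
    return decoded


if __name__ == "__main__":
    for key, value in decode_secret(MANIFEST).items():
        print(f"{key}: {value!r}")
```

Anyone who can read the Secret object (through the API, a backup, or a manifest committed to a repository) recovers the values this way, so read access to Secrets has to be treated as access to the credentials themselves.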

What does Kubernetes documentation suggest?

The Problems With Secrets On Production

Conclusion
