Search for secret and find Secrets.
helm install dev config-map-environment
View ConfigMap.
View logs.
helm install dev config-map-volume
View logs.
Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image.
-Kubernetes-Secrets
helm install dev secret-environment
View Secret.
View logs.
Decode Secret. Interesting.
Note: the type here is Opaque, but other Secrets have different types. The type only affects validation of the data, as seen in the source code.
Inside the container that mounts a secret volume, the secret keys appear as files and the secret values are base64 decoded and stored inside these files.
-Kubernetes-Secrets
helm install dev secret-volume
When a secret currently consumed in a volume is updated, projected keys are eventually updated as well. The kubelet checks whether the mounted secret is fresh on every periodic sync.
-Kubernetes-Secrets
Note: K8s does take precautions to limit the risk of exposing Secrets; see the Secrets link. But it still feels weird that Secrets are just Base64 encoded.
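The "Decode Secret" step and the secret-volume behaviour quoted above, as an added example that is not part of the original tutorial: it decodes a Secret's data with nothing but Base64 and writes one file per key, the way a mounted secret volume presents them. The manifest, the name dev-secret and the values are constructed for illustration.

```python
import base64
import json
import tempfile
from pathlib import Path

# Constructed sample in the shape of `kubectl get secret <name> -o json`.
# The name, keys and values are made up for this example.
SECRET_JSON = """
{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {"name": "dev-secret"},
  "type": "Opaque",
  "data": {"username": "YWRtaW4=", "password": "czNjcjN0LXZhbHVl"}
}
"""


def decode_secret(manifest):
    """Return {key: plaintext bytes} for every entry under .data.

    No key or credential is involved: Base64 is an encoding, not encryption.
    """
    if manifest.get("kind") != "Secret":
        raise ValueError("not a Secret manifest")
    data = manifest.get("data") or {}
    return {key: base64.b64decode(value, validate=True) for key, value in data.items()}


def project_to_volume(manifest, mount_dir):
    """Mimic a secret volume: one file per key, holding the decoded value."""
    paths = []
    for key, plaintext in decode_secret(manifest).items():
        path = Path(mount_dir) / key
        path.write_bytes(plaintext)
        paths.append(path)
    return paths


if __name__ == "__main__":
    manifest = json.loads(SECRET_JSON)
    with tempfile.TemporaryDirectory() as tmp:
        for path in project_to_volume(manifest, tmp):
            # What a container would see when it reads the mounted file.
            print(f"{path.name}: {path.read_text()}")
```

Because no key is involved, anyone who can read the Secret object through the API or from unencrypted etcd storage can recover the values.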
Posted On: Mar 5, 2020
You can now use AWS Key Management Service (KMS) keys to provide envelope encryption of Kubernetes secrets stored in Amazon Elastic Kubernetes Service (EKS). Implementing envelope encryption is considered a security best practice for applications that store sensitive data and is part of a defense in depth security strategy.
-AWS-Amazon EKS adds envelope encryption for secrets with AWS KMS