secrets

Creating confidential information in a cluster

Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image.

docker-registry

  • Create a secret for use with a Docker registry
kubectl create secret docker-registry NAME --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-literal=key1=value1] [--dry-run=server|client|none]

Example

Command

kubectl create secret docker-registry my-secret --docker-username=kubectluser --docker-password=somepassword --docker-email=kubectl@kubectl.com --from-literal=token=GGH132YYu8asbbAA

Output

$ kubectl get secrets

NAME                  TYPE                      DATA   AGE
my-secret             Opaque                    1      14s

generic

  • Create a secret from a local file, directory or literal value
$ kubectl create generic NAME [--type=string] [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none]

Example

Input File

// file-name: simplesecret.txt
kjbfkadbfkabjnaAdjna

Command

kubectl create secret generic my-secret --from-file=simplesecret.txt

Output

$ kubectl get secrets

NAME                  TYPE                      DATA   AGE
my-secret             Opaque                    1      14s

tls

  • Create a secret from tls certificate and key
$ kubectl create secret tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run=server|client|none]

Example

Input File

# tls.cert
LS0tLS1CRUd...tCg==
# tls.key
LS0tLS1CRUd...0tLQo=

Command

kubectl create secret tls my-secret --cert=tls.cert --ket=tls.key

Output

$ kubectl get secrets

NAME                  TYPE                      DATA   AGE
my-secret             Opaque                    1      14s


Last modified September 23, 2020: docs update (b46eb865)