secrets

• create secret

  • use raw data

  • from a file

  • from file with base64

• decode the secret

referecens:

• Managing Secrets using kubectl

  • Managing Secrets using Configuration File

  • Managing Secrets using Kustomize

create secret

use raw data

$ kubectl create secret generic db-user-pass \
          --from-literal=username=admin \
          --from-literal=password='marslo'

from a file

$ echo -n 'admin' > ./username.txt
$ echo -n 'marslo' > ./password.txt

$ kubectl create secret generic db-user-pass \
          --from-file=./username.txt \
          --from-file=./password.txt

# or `--from-file=[key=]source`
$ kubectl create secret generic db-user-pass \
          --from-file=username=./username.txt \
          --from-file=password=./password.txt

from file with base64

$ echo -n 'admin' | base64
YWRtaW4=
$ echo -n '1f2d1e2e67df' | base64
MWYyZDFlMmU2N2Rm

# create manifest
$ cat secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

# create
$ kubectl apply -f ./secret.yaml

decode the secret

$ kubectl get secret db-user-pass -o jsonpath='{.data}'
{ "password": "bWFyc2xvCg==", "username": "YWRtaW4=" }

$ echo 'bWFyc2xvCg==' | base64 -d
marslo

• oneline

  $ kubectl get secret db-user-pass -o jsonpath='{.data.password}' | base64 --decode