base64
encoded format<aside>
⚠️ The data stored in the Secret, when the container (pod) is created, is used to set the environment variables. If the Secret gets updated later, the pod will continue to use the old value. We need to re-create the pods by performing a rollout (k rollout restart deployment <deployment-name>
) on the deployment to make the new pods use the new data.
</aside>
Same as ConfigMap except the kind
and the base64 encoded values.
apiVersion: v1
kind: Secret
metadata:
name: app-secret
data:
USERNAME: adfcfe==
PASSWORD: asdgfgv==
<aside>
💡 To view the secrets along with their encoded values, run
k get secret <secret-name> -o yaml
</aside>
Passing the entire Secret of key-values pairs to ENV
apiVersion: v1
kind: Pod
metadata:
labels:
name: app
spec:
containers:
- name: httpd
image: httpd:2.4-alpine
envFrom:
- secretRef:
name: app-secret
Passing a single key-value pair of the secret to ENV
apiVersion: v1
kind: Pod
metadata:
labels:
name: app
spec:
containers:
- name: httpd
image: httpd:2.4-alpine
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: app-secret
key: PASSWORD
Passing a file as Secret by mounting the Secret as a volume
apiVersion: v1
kind: Pod
metadata:
labels:
name: app
spec:
containers:
- name: nginx
image: nginx
volumeMounts:
- name: nginx-secret-volume
mountPath: /etc/nginx/conf.d/
volumes:
- name: nginx-secret-volume
secret:
name: nginx-secret