From the course: Kubernetes Essential Training: Application Development

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Supplying sensitive data with Secrets

Supplying sensitive data with Secrets - Kubernetes Tutorial

From the course: Kubernetes Essential Training: Application Development

Start my 1-month free trial

Supplying sensitive data with Secrets

- [Instructor] In the last video, we saw how we can manage configuration data with Kubernetes, keeping it separate from our code and our container images and providing it to them at runtime. But what about when those data are secret or sensitive? Often our services need things like a database password or a third party API key. Kubernetes handles these kinds of data separately with a resource called, unsurprisingly, the Secret. You can use the Secret just like a ConfigMap, but the implementation is a little bit different. When secrets containing files are attached to pods, using that volume mechanism that we saw, the data in the Secret is never written to the disk of the worker node. The Secret data is encrypted at rest when it's stored in the database in the Kubernetes control plane, and the values are stored and retrieved Base64 encoded, which just makes it that little bit harder for people to shoulder surf them. So they're…

Contents