K8s Secrets
Definition
K8s Secrets are a Kubernetes resource used to store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. They keep confidential data separate from application code and configuration files. Secret values are base64-encoded in the manifest and can be mounted as volumes or exposed as environment variables to pods. Base64 is an encoding, not encryption, so keeping the data accessible only to authorized components within the cluster depends on access controls such as RBAC and on encryption at rest for the cluster's data store.
Secure Settings Example
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: my-namespace
type: Opaque
data:
  username: YWRtaW4=          # base64 encoded 'admin'
  password: MWYyZDFlMmU2N2Rm  # base64 encoded '1f2d1e2e67df'
---
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  namespace: my-namespace
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        - name: USERNAME
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: username
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password
Insecure Settings Example
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: default
type: Opaque
data:
  username: admin         # Plain text, not base64 encoded
  password: 1f2d1e2e67df  # Plain text, not base64 encoded
---
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  namespace: default
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        - name: USERNAME
          value: admin         # Directly using plain text
        - name: PASSWORD
          value: 1f2d1e2e67df  # Directly using plain text
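Audit Example
The following is an added example, not part of the original page: a small Python check that flags the differences between the two manifest sets above. The function name audit, the SENSITIVE_HINTS name list, and the treatment of the default namespace as a finding are assumptions made for illustration; the manifests are supplied as already-parsed dictionaries.

```python
import base64
import binascii

# Assumed heuristic for env var names that usually carry credentials.
SENSITIVE_HINTS = ("USER", "PASS", "TOKEN", "SECRET", "KEY")

def audit(manifest):
    """Return findings for one parsed Secret or Pod manifest (a dict)."""
    kind = manifest.get("kind")
    meta = manifest.get("metadata", {})
    ref = f"{kind}/{meta.get('name', '?')}"
    findings = []
    # The page's insecure example sits in 'default'; the secure one does not.
    if meta.get("namespace", "default") == "default":
        findings.append(f"{ref}: uses the 'default' namespace")
    if kind == "Secret":
        for key, value in manifest.get("data", {}).items():
            try:
                raw = base64.b64decode(str(value), validate=True)
            except (binascii.Error, ValueError):
                findings.append(f"{ref}: data.{key} is not valid base64")
                continue
            try:
                raw.decode("utf-8")
            except UnicodeDecodeError:
                # Plaintext that happens to parse as base64 decodes to junk bytes.
                findings.append(f"{ref}: data.{key} decodes to non-text bytes")
    elif kind == "Pod":
        for container in manifest.get("spec", {}).get("containers", []):
            for env in container.get("env", []):
                name = env.get("name", "")
                if "value" in env and any(h in name.upper() for h in SENSITIVE_HINTS):
                    findings.append(f"{ref}: env {name} is a literal, not a secretKeyRef")
    return findings

# Constructed sample input: the page's manifests, reduced to the audited fields.
SECURE_SECRET = {"kind": "Secret", "metadata": {"name": "my-secret", "namespace": "my-namespace"},
                 "data": {"username": "YWRtaW4=", "password": "MWYyZDFlMmU2N2Rm"}}
INSECURE_SECRET = {"kind": "Secret", "metadata": {"name": "my-secret", "namespace": "default"},
                   "data": {"username": "admin", "password": "1f2d1e2e67df"}}
SECURE_POD = {"kind": "Pod", "metadata": {"name": "my-pod", "namespace": "my-namespace"},
              "spec": {"containers": [{"name": "my-container", "env": [
                  {"name": "PASSWORD", "valueFrom": {"secretKeyRef": {"name": "my-secret", "key": "password"}}}]}]}}
INSECURE_POD = {"kind": "Pod", "metadata": {"name": "my-pod", "namespace": "default"},
                "spec": {"containers": [{"name": "my-container", "env": [
                    {"name": "USERNAME", "value": "admin"}, {"name": "PASSWORD", "value": "1f2d1e2e67df"}]}]}}

if __name__ == "__main__":
    for doc in (SECURE_SECRET, SECURE_POD, INSECURE_SECRET, INSECURE_POD):
        for finding in audit(doc):
            print(finding)
```

The value 1f2d1e2e67df is syntactically valid base64, so it passes the first check and is caught only because its decoded bytes are not text; a Secret that intentionally holds binary data would trigger the same finding and needs manual confirmation.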