Most applications need access to secrets.  This a step-by-step hands on tutorial on using kubernetes secrets and passing them into your applications. 

Kubernetes is a popular way to run containerized applications in cloud. 

Often our applications require access to some sensitive data such as API Key, passwords, certificate files etc. Kubernetes offers a secure way to pass secrets to your application without needing to put those into your code or docker images.&nbsp;

A kubernetes secret is a object in kubernetes that contains sensitive information. Its life cycle is independent of the pods. In this tutorial, we will walk you through the different ways you can read/write kubernetes secrets.&nbsp; 

But before that, there are a few basics to understand -

Configmaps are kubernetes objects to store configuration data.&nbsp; Configmaps are passed to your application as environment variables, config files or application arguments. 

But ConfigMaps are not recommended for storing sensitive data.&nbsp;

Kubernetes secrets and configmaps work very similarly. But kubernetes handles secrets in a more diligent manner than secrets. e.g. as per official docs -&nbsp;

As per <a href="https://kubernetes.io/docs/concepts/configuration/secret/">official documentation</a>, kubernetes secrets are stored un-encrypted form in underlying etcd server. So, anyone with API access to kubernetes cluster, can easily view the secrets. But with some additional configurations, it is possible to make secrets encrypted and secure.&nbsp;

To secure secrets, it's important that you -

You need latest versions of below utilities on your system before you try this tutorial -&nbsp;

Introduction

There are 3 easy ways to generate a secret in kubernetes.

Let's first create a file with some secret data

Then you can create the secret using kubectl&nbsp;

You can create a secret using a config file as well.&nbsp;

Let's put this secret in below configuration file -

Now,&nbsp; you can create secret by simply

You can also create a same secret using one line command -

You can verify your secret key using below command-

Creating A K8s Secret

Access&nbsp;kubernetes secrets as environment variables

There are 2 different ways you can access your kubernetes secrets in your applications. 

In this step, we will access the secret as environment variable. You can skip the step if you want to mount the secret. 

Using your secret as a environment variable makes it very easy to access inside your application.&nbsp;

Let's create a simple dummy application that prints environment variable. For demonstration, I am using a simple Node.js application.

Now, lets build a docker image and allow minikube to access it -

Configure pod to use Secret as Environment Variable

Let's create a pod config file - app.yaml with below configuration

As you can see in above code, we are asking kubernetes to pass the access-key from api-key and pass as&nbsp;API_ACCESS_KEY

Now, if you see the pod logs, you can see whether our app was able to access the secret&nbsp; -

Access K8s Secret as Environment Variable

In this step, we will access the secret as mounted file approach. Then the secret is available to the application at given mouth path.

Let's create a simple dummy application. For demonstration, I am using a simple Node.js application. Let's simply print the contents of a file&nbsp;<code class="inline-code">/etc/secrets/access-key</code>&nbsp;to console.

Let's define the Dockerfile to package the application

Now, lets create a docker image and allow minikube to access it -

Configure Pod To Use Secret As&nbsp;mounted file

As you can see in above code, we are asking kubernetes to pass secret api-key and mount on /etc/secrets path.

Access K8s Secret As Mounted Variable

If you want to delete all resources created during this tutorial, then you can use below commands

Clean Up

This tutorial gave you a simple hands-on experience with Kubernetes secrets. However, to use kubernetes in production, you should consider additional best practices to secure your secrets. 

More details on this are available on official documentation

How to read and write kubernetes secrets? : A practical guide (2022)

Nilesh Mahajan

Deliya Chaudhary