How to pass secrets as environment variables in kubernetes cluster

Table of Contents

  1. What are the secrets?
  2. Types of secrets:
    1. Built-in Secrets
    2. Creating your Secrets
  3. Practical
  1. What are the secrets? 
  1. Kubernetes secrets objects let you store and manage sensitive information, such as passwords, authorization tokens, and ssh keys.
  2. Putting this information in a secret is safer and more flexible than putting it verbatim in a pod lifecycle definition or a container image.

2. Types of secrets

a. Built-in Secrets

  1. Kubernetes automatically creates secrets that contain credentials for accessing the API and it automatically modifies your pods to use this type of secret.
  2. The automatic creation and use of API credentials can be disabled or overridden if desired. However, if all need to do is securely access the API server, this is the recommended workflow.

b. Creating your Secrets

  1. The kubectl create secret command packages these files into a secret and creates the object on the API server
  2. This is to protect the secrets from being exposed accidentally to an onlooker, or from being stored in a terminal log.

3. Practical:

  1. First of all, we should log in as a root user.
  2. It some pods need to access a database the username and password that the pod should use is in the files. 
  3. ./username.txt and ./password.txt on your local machine
  4. To store the username and password use this command
  5. Echo -n ‘admin’ > ./username.txt
  6. Echo -n ‘1f2dle2e67df’ > ./password.txt

The kubectl create secrete command packages these files into a secret and create the object on the API server.

So we will use this command:

Kubectl create secret generic db-user-pass- -from-files./username.txt – -from-file=./password.txt


Now to check the status of the service we can use the command: kubectl get secrets


Now here you can see that the default token along with the db-user -pass has been created.

Now if you want to check services running in this we can simply use this command:

Kubectl describe secrets/db-user-pass


If you creating a secrete store two strings in a secret using the data field convert time to base64 as follows:

echo -n ‘admin’ | base64 YWRtaW4=

echo -n ‘1f2d1e2e67df’ | base64 MWYyZDF1MmU2N2Rm=

  1. After this, we will create a secrete file which is vi secrets yaml. We will test this configuration and we will save this file 

We will use this command:

Kubectl create -f ./secretyaml – – validate =false


If you want to decode the secret file which we have created using this command:

 Kubectl get secret mysssecret -o yaml


Video Tutorial


Leave a Reply

Your email address will not be published. Required fields are marked *