Kubectl List Secrets

Kubernetes is a container orchestration platform that provides a dedicated feature, the secret, to store and manage sensitive data such as passwords, tokens, API keys, and certificates.

Secrets are managed with the kubectl subcommands “kubectl create secret”, “kubectl get secrets”, “kubectl describe secret”, and “kubectl delete secret”. This article discusses these commands and their options, and covers how to create, list, view, and delete the secrets in a Kubernetes cluster.

Start the Minikube Cluster

Before we begin, we need to make sure that our minikube cluster is up and running. Start it by executing the following command:

~$ minikube start

Procedure 1: Create a Secret in Kubernetes with Raw Data

To create a secret, use the “kubectl create secret” command. In this procedure, we create a secret named “secret1” by providing the key-value pairs username and password as literals on the command line. Each pair is passed with its own “--from-literal” flag as part of the same command:

~$ kubectl create secret generic secret1 \
    --from-literal=username=kalsoom \
    --from-literal=password='helloworld'

Once you provide all the required details and press Enter, the secret is created in your Kubernetes cluster. The “kubectl create secret generic secret1” command creates a secret named “secret1” of generic type from the raw data that is typed in the terminal. Because the values are part of the command line, they are also recorded in the shell history.

Procedure 2: Create a Secret in Kubernetes with Source Files

The other procedure is to create the secret from source files. For this, we keep the secret’s username and password in two separate files: “username.txt” and “password.txt”.

Step 1: Create the Source Files

First, create a file named “username.txt” to store the username in it with the following command:

~$ echo -n 'kalsoom' > ./username.txt

Next, create a file named “password.txt” to store the password with the following command:

~$ echo -n 'helloworld' > ./password.txt

Notice that echo is followed by “-n” each time. The “-n” flag keeps echo from appending a newline to the text, so the file contains exactly the value that is provided. This matters because kubectl base64-encodes the full content of the file, and a trailing newline would become part of the stored secret.

Step 2: Create a Secret from the Files

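In this step, we create a secret from the files that we created in the previous step. We use the “kubectl create secret” command to create a secret named “secret1” by passing the paths of the two files, “username.txt” and “password.txt”. Each “--from-file” flag has the form key=path, where the key is the name under which the file content is stored. Key names are displayed in clear text by “kubectl describe secret”, so they must not contain the secret values themselves. If “secret1” from Procedure 1 still exists, delete it first because “kubectl create” fails on a name that already exists. To create this secret, run the following command:

~$ kubectl create secret generic secret1 \
    --from-file=username=./username.txt \
    --from-file=password=./password.txt

This command creates a secret named “secret1” of generic type and includes a key-value pair of username and password.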

List and Verify the Secrets

To view the list of all the secrets that are stored in the Kubernetes cluster, we can use the “kubectl get secrets” command.

Step 1: List Down All the Secrets for Verification

To get all the secrets in your Kubernetes cluster, run the following command:

~$ kubectl get secrets

This command displays a list of all the secrets that are stored in the Kubernetes cluster.

Step 2: Get the Details of the Secrets

If you need the details of a listed secret, use the “kubectl describe secret” command followed by the name of the secret:

~$ kubectl describe secret secret1

This command displays detailed information about the secret named “secret1”, including its keys.

Note that the content of the secret is hidden; only the length of the data is provided. The “get” and “describe” commands do not show the content by default to ensure that no secrets and confidential data are exposed accidentally.

View and Delete the Secrets

After creating a secret, it can be useful to view its contents to ensure that the data is stored correctly. We can use the “kubectl get secret” command with the “-o jsonpath='{.data}'” option to retrieve the contents of a given secret.

Run the following command in your minikube terminal:

~$ kubectl get secret secret1 -o jsonpath='{.data}'

The data that is stored in secrets is base64-encoded. Base64 is an encoding, not encryption, so anyone who can read the secret can decode it. To view the original value, decode it with the following command:

~$ echo 'aGVsbG93b3JsZA==' | base64 --decode

The “kubectl get secret secret1 -o jsonpath='{.data}'” command retrieves the encoded data from the secret, and the “base64 --decode” command decodes it. For example, the “echo 'aGVsbG93b3JsZA==' | base64 --decode” command decodes the “aGVsbG93b3JsZA==” string to the original value of “helloworld”.
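
The trailing-newline pitfall from Procedure 2 and the decoding step above can be checked together. The following script is an added example, not part of the original article: it audits the “.data” output per key and reports the decoded byte count and any trailing newline without printing the decoded values. It assumes that kubectl prints the data map as a JSON object; the function names and the sample string are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the output of
#   kubectl get secret secret1 -o jsonpath='{.data}'
# per key, without echoing the decoded values to the terminal.

# Decode one base64 value and report its size and line ending.
# The bytes are inspected as hex because $(...) would strip a trailing newline.
audit_value() {
    # "-d" is the short form of "--decode"
    hex=$(printf '%s' "$1" | base64 -d | od -An -v -tx1 | tr -d ' \n')
    bytes=$(( ${#hex} / 2 ))
    case "$hex" in
        *0d0a) ending="CRLF" ;;
        *0a)   ending="LF" ;;
        *)     ending="none" ;;
    esac
    printf 'bytes=%s trailing=%s' "$bytes" "$ending"
}

# Split a flat JSON object of "key":"base64" pairs and audit each value.
# Safe for this format: key names and base64 text never contain { } " , or :
audit_secret_data() {
    printf '%s\n' "$1" | tr -d '{}"' | tr ',' '\n' |
    while IFS=: read -r key value; do
        [ -n "$key" ] || continue
        printf '%-10s %s\n' "$key" "$(audit_value "$value")"
    done
}

# Constructed sample: "password" was written with plain echo (trailing
# newline), "username" with echo -n.
sample_data='{"password":"aGVsbG93b3JsZAo=","username":"a2Fsc29vbQ=="}'
audit_secret_data "$sample_data"
```

On a live cluster, pass the real output instead of the sample: audit_secret_data "$(kubectl get secret secret1 -o jsonpath='{.data}')". The byte count is the same size that “kubectl describe secret” reports per key, so 11 bytes for “helloworld” points to a stray newline.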

Deleting a Secret

If a secret is no longer needed, it can be deleted using the “kubectl delete secret” command followed by the name of the secret to be deleted. For example, the “kubectl delete secret secret1” command deletes the secret named “secret1”. Keep in mind that removing a secret is irreversible, so caution should always be exercised when doing so.

Let us delete the secret that we created with the “delete” command:

~$ kubectl delete secret secret1

When you execute this command, “secret1” is permanently deleted from the cluster environment.

Conclusion

The kubectl commands for secrets are a powerful tool to manage the secrets in Kubernetes clusters. With the ability to create, store, and retrieve the secrets, as well as view and delete them as needed, Kubernetes provides a robust solution to manage sensitive data in production environments. By adhering to the recommended practices to secure the secrets, organizations can make sure that their apps and data are shielded against unauthorized access and data breaches.

Overall, using these kubectl commands is a simple and effective way to manage the secrets in Kubernetes. With the ability to create secrets from different types of data, store them securely, and retrieve them when needed, these commands can be used to store confidential information such as passwords, API keys, and other sensitive data that the applications need to function properly.

About the author

Kalsoom Bibi

Hello, I am a freelance writer and usually write Linux and other technology-related content.