DevOpsLesson
DevOpsLesson

Free, comprehensive DevOps tutorials and learning roadmaps. Master Docker, Kubernetes, CI/CD, and more.

Stay Updated

Get notified about new tutorials and features.

Tutorials

  • What is DevOps?
  • Docker Tutorial
  • Terraform Tutorial
  • CI/CD Pipeline
  • All Tutorials

Roadmaps

  • DevOps Engineer
  • Cloud Engineer
  • SRE Path
  • All Roadmaps

Company

  • About Us
  • Blog
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 DevOpsLesson. All rights reserved.

DOCKERKUBERNETESTERRAFORMAWSCI/CDLINUXGITDEVOPS ROADMAPCLOUD ROADMAPSRE ROADMAPGIT CHEATSHEETDOCKER CHEATSHEETK8S CHEATSHEETTF CHEATSHEETLINUX CHEATSHEETDOCKERFILE LINTERYAML VALIDATORCRON PARSERREGEX TESTER

Kubernetes Tutorial

Introduction to Kubernetes
Kubernetes Architecture
Installing Kubernetes
kubectl Basics
Kubernetes Pods
Kubernetes Deployments
Kubernetes Services
ConfigMaps and Secrets
Kubernetes Storage
Kubernetes Namespaces
Kubernetes Resource Management
Helm for Kubernetes
Kubernetes Monitoring

Kubernetes Secrets

PreviousPrev
Next

Store passwords, tokens, image pull credentials, and TLS material with Kubernetes Secrets while understanding their security limits.

What Is a Secret?

A Secret stores sensitive data such as passwords, API tokens, TLS certificates, or registry credentials.

Common Secret Types

TypeUse case
OpaqueGeneric key-value secret data
kubernetes.io/dockerconfigjsonPrivate registry credentials
kubernetes.io/tlsTLS certificate and private key

Important Security Note

Base64 encoding is not encryption. It only changes representation. In production, use stronger controls such as encryption at rest, tight RBAC, external secret managers, Vault, or Sealed Secrets.

Create a Secret Imperatively

kubectl create secret generic app-secret   --from-literal=DB_PASSWORD=supersecret

Create a Secret from YAML

apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  DB_PASSWORD: c3VwZXJzZWNyZXQ=

Use a Secret as an Environment Variable

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-demo
spec:
  containers:
    - name: app
      image: busybox:1.36
      command: ['sh', '-c', 'echo Secret loaded && sleep 3600']
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-secret
              key: DB_PASSWORD

Use a Secret as a Mounted Volume

apiVersion: v1
kind: Pod
metadata:
  name: secret-file-demo
spec:
  volumes:
    - name: secret-volume
      secret:
        secretName: app-secret
  containers:
    - name: app
      image: busybox:1.36
      command: ['sh', '-c', 'ls /secrets && sleep 3600']
      volumeMounts:
        - name: secret-volume
          mountPath: /secrets
          readOnly: true

Private Registry Access with imagePullSecrets

apiVersion: v1
kind: Pod
metadata:
  name: private-image-demo
spec:
  imagePullSecrets:
    - name: regcred
  containers:
    - name: app
      image: private-registry.example.com/demo:1.0

Best Practices

  • grant least-privilege RBAC
  • avoid printing secret values in logs
  • prefer volume mounts for some sensitive file use cases
  • use external secret tooling in production
Exercise

Base64 Reality

What is true about base64 encoded secret data in a YAML manifest?

Exercise

Registry Secret

What is `imagePullSecrets` used for?

PreviousPrev
Next

Continue Learning

Kubernetes Ingress

Route HTTP and HTTPS traffic into your cluster with Ingress rules, controllers, TLS termination, and host or path based routing.

22 min·Easy

ConfigMaps and Secrets

Learn why configuration should live outside images and how ConfigMaps and Secrets help separate code from runtime settings.

15 min·Easy

Kubernetes ConfigMaps

Create ConfigMaps from literals, files, or YAML and use them as environment variables or mounted configuration files.

20 min·Easy

Explore Related Topics

Do

Docker Tutorials

Build the containers Kubernetes orchestrates

Te

Terraform Tutorials

Provision Kubernetes clusters as code

Try the Tool

YAML Validator

Validate Kubernetes manifests and any YAML files instantly.

On This Page

What Is a Secret?Common Secret TypesImportant Security NoteCreate a Secret ImperativelyCreate a Secret from YAMLUse a Secret as an Environment VariableUse a Secret as a Mounted VolumePrivate Registry Access with imagePullSecretsBest Practices