☑️Day 42: Exploring Secrets in Kubernetes🚀
🔹Table of Contents:
Introduction
Benefits of Using Secrets
Creating and Managing Secrets
Real-Time Scenarios for Using Secrets
Hands-On Tasks
Task 1: Encoding and decoding a Secret for application.properties
Task 2: Creating a Secret from the environment.sh file
Task 3: Storing and managing MySQL credentials securely
Detailed Commands and Examples
Common Challenges and Troubleshooting
✅What are Secrets in Kubernetes?
Secrets are used to store sensitive data, like passwords, API keys, and certificates, separately from the application code.
They provide a more secure way to store sensitive information than ConfigMaps; their values are stored base64 encoded.
Kubernetes Secrets are not encrypted by default. Base64 is an encoding, not encryption: it prevents accidental exposure, but anyone who can read the Secret can decode it.
✅Why Use Secrets?
Secure Storage: Helps keep sensitive information separate from application code and configuration.
Access Control: Secrets can be accessed only by the Pods that have been granted access.
Simplified Management: Managing secrets across different environments (Dev, Test, Prod) becomes easier and more secure.
✅Creating Secrets in Kubernetes
1. Using the kubectl Command
You can create a secret using the kubectl command:
kubectl create secret generic my-secret --from-literal=username=admin --from-literal=password=secret123
2. Creating Secrets Using a YAML File
A YAML file can also be used to create secrets. Here’s an example of a secret.yaml file:
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: YWRtaW4= # base64 encoded "admin"
  password: c2VjcmV0MTIz # base64 encoded "secret123"
Apply the YAML file with:
kubectl apply -f secret.yaml
✅Encoding and Decoding Secrets
Encode a String to Base64:
echo -n "admin" | base64
Decode a Base64 String:
echo -n "YWRtaW4=" | base64 --decode
✅Tasks Performed
Task 1: Decode a Secret in YAML Format
Create a file named application.properties with some sensitive information:
echo "db.username=admin" > application.properties
echo "db.password=secret123" >> application.properties
Create a Secret from the file using kubectl (the contents are stored base64 encoded, not encrypted):
kubectl create secret generic app-secrets --from-file=application.properties
View the secret in YAML format (note that the data will be base64 encoded):
kubectl get secret app-secrets -o yaml
Decode the data manually to verify:
echo -n "<base64_encoded_value>" | base64 --decode
Task 2: Create a Secret from environment.sh
Create the environment.sh file with the following content:
echo "variable1=value1" > environment.sh
Create a secret using the file:
kubectl create secret generic env-secret --from-file=environment.sh
View the created secret:
kubectl get secret env-secret -o yaml
Decode the base64 encoded values:
echo -n "<base64_encoded_value>" | base64 --decode
Task 3: Create Secrets for MySQL
Base64-encode the MySQL username and password:
echo -n "mysqluser" | base64
echo -n "mysqlpassword" | base64
Create a mysql-secret.yaml file:
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
data:
  databaseusername: bXlzcWx1c2Vy # base64 encoded "mysqluser"
  databasepassword: bXlzcWxwYXNzd29yZA== # base64 encoded "mysqlpassword"
Apply the secret:
kubectl apply -f mysql-secret.yaml
Verify the created secret:
kubectl get secret mysql-secret -o yaml
Decode to confirm the values:
echo -n "bXlzcWx1c2Vy" | base64 --decode
echo -n "bXlzcWxwYXNzd29yZA==" | base64 --decode
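The manual decode-and-verify step used in the tasks above can be scripted so that every value under data: is checked before the manifest is applied. This is an added example, not code from the original post: it flags values that are not valid base64 and values that were encoded without -n (and so carry a trailing newline). The function names, the apitoken key and the sample manifest are constructed for illustration, and GNU coreutils base64 is assumed.

```shell
#!/bin/sh
# Added example: offline audit of the data: block of a Secret manifest.

# Constructed sample based on the page's mysql-secret.yaml. The password was
# encoded without -n (so it carries a newline); apitoken is not valid base64.
sample_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
data:
  databaseusername: bXlzcWx1c2Vy # base64 encoded "mysqluser"
  databasepassword: bXlzcWxwYXNzd29yZAo=
  apitoken: not*base64
EOF
}

# Reads a manifest on stdin; prints "key<TAB>status<TAB>decoded" per data entry.
audit_secret_data() {
  in_data=0
  while IFS= read -r line; do
    case "$line" in
      data:*) in_data=1; continue ;;
      ' '*)   ;;                 # indented line: still inside the current block
      *)      in_data=0 ;;       # any other top-level key ends the data block
    esac
    [ "$in_data" -eq 1 ] || continue
    line=${line%%#*}             # drop a trailing YAML comment
    case "$line" in *:*) ;; *) continue ;; esac
    key=$(printf '%s' "${line%%:*}" | tr -d '[:space:]')
    val=$(printf '%s' "${line#*:}" | tr -d '[:space:]"')
    if ! printf '%s' "$val" | base64 --decode >/dev/null 2>&1; then
      printf '%s\tINVALID_BASE64\t\n' "$key"
      continue
    fi
    # $(...) strips trailing newlines, so inspect the last decoded byte as hex.
    last=$(printf '%s' "$val" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
    status=OK
    [ "$last" = "0a" ] && status=TRAILING_NEWLINE
    printf '%s\t%s\t%s\n' "$key" "$status" "$(printf '%s' "$val" | base64 --decode)"
  done
}

sample_manifest | audit_secret_data
```

The decoded column also shows that any reader of the manifest recovers the plaintext, so a file like mysql-secret.yaml needs the same handling as the credentials it contains.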
✅Real-Time Scenarios Where Kubernetes Secrets Are Useful
Database Credentials: Storing database usernames and passwords securely.
API Keys and Tokens: Managing access tokens for third-party services.
SSL Certificates: Storing SSL certificates to enable secure communication.
✅Commands Recap
Create a Secret from literals:
kubectl create secret generic my-secret --from-literal=username=admin
Create a Secret from a file:
kubectl create secret generic my-secret --from-file=application.properties
Encode to Base64:
echo -n "value" | base64
Decode from Base64:
echo -n "encoded_value" | base64 --decode
Apply a YAML file:
kubectl apply -f secret.yaml
Get a Secret in YAML format:
kubectl get secret my-secret -o yaml
Delete a Secret:
kubectl delete secret my-secret
🚀Thanks for joining me on Day 42! Let’s keep learning and growing together!
Happy Learning! 😊
#90DaysOfDevOps
Written by Kedar Pattanshetti