0
0
Kubernetesdevops~10 mins

Creating Secrets in Kubernetes - Visual Walkthrough

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Creating Secrets
Write secret data
Encode data in base64
Create Secret YAML manifest
Apply manifest with kubectl
Secret stored in cluster
Use secret in pods or configs
This flow shows how secret data is prepared, encoded, saved in a YAML file, applied to the cluster, and then used securely.
Execution Sample
Kubernetes
kubectl create secret generic mysecret --from-literal=password=Pa$$w0rd
kubectl get secret mysecret -o yaml
Creates a secret named 'mysecret' with a password, then shows the secret details in YAML format.
Process Table
StepCommandActionResult
1kubectl create secret generic mysecret --from-literal=password=Pa$$w0rdCreate secret named 'mysecret' with passwordSecret 'mysecret' created
2kubectl get secret mysecret -o yamlRetrieve secret details in YAMLYAML output with base64 encoded password
3kubectl describe secret mysecretShow secret summaryShows metadata and data keys (password)
4kubectl delete secret mysecretDelete the secretSecret 'mysecret' deleted
5-No secret exists nowkubectl get secret mysecret returns 'NotFound' error
💡 Secret deleted and no longer exists in cluster
Status Tracker
VariableStartAfter Step 1After Step 4Final
Secret 'mysecret'NoneExists with password keyDeletedNone
Key Moments - 3 Insights
Why is the password stored in base64 format in the secret YAML?
Base64 encoding is used to safely store binary or special characters in YAML. It is not encryption, just encoding. See execution_table step 2 where the password appears encoded.
What happens if you try to get a secret after deleting it?
kubectl returns a 'NotFound' error because the secret no longer exists. This is shown in execution_table step 5.
Can you see the actual password in plain text by running 'kubectl get secret'?
No, the password is base64 encoded in the output. You must decode it manually to see the plain text. This is shown in execution_table step 2.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the result of step 1?
ASecret 'mysecret' deleted
BSecret 'mysecret' created
CYAML output with base64 encoded password
DNotFound error
💡 Hint
Check the 'Result' column for step 1 in the execution_table.
At which step does the secret get deleted?
AStep 4
BStep 3
CStep 2
DStep 5
💡 Hint
Look for the 'Action' column mentioning deletion in the execution_table.
If you want to see the secret password in plain text, what must you do after step 2?
ARun 'kubectl delete secret mysecret'
BRun 'kubectl describe secret mysecret'
CDecode the base64 encoded password from the YAML output
DNothing, it is already in plain text
💡 Hint
Refer to the key_moments about base64 encoding and step 2 output.
Concept Snapshot
Creating Secrets in Kubernetes:
- Use 'kubectl create secret generic NAME --from-literal=key=value'
- Secret data is base64 encoded in YAML
- Apply secret with kubectl to store in cluster
- Use 'kubectl get secret NAME -o yaml' to view encoded data
- Delete secret with 'kubectl delete secret NAME'
Full Transcript
Creating secrets in Kubernetes involves writing secret data, encoding it in base64, creating a YAML manifest, and applying it to the cluster using kubectl. The secret is stored securely and can be used by pods or configurations. The password or secret data is encoded in base64, not encrypted, so it must be decoded to read the original value. Secrets can be deleted, after which they no longer exist in the cluster.