Kubernetes storing key-value pair in Secret.yml
I am wondering if it is possible to store a key-value pair in Secret.yml. I want to be able to store an encryption key as a value and an id as its key which I can use to retrieve the encryption key stored in Secret.yml.
Is such functionality available with Kubernetes?
EDIT I should have said in my original message, I want to be able to store multiple pairs and add pairs during the lifespan of my application and use different encryption key on the fly without/minimal update to my application.
Yes, secrets are key value pairs. You can create them using kubectl:
kubectl create secret the-secret-name --from-literal=KEY=VALUE
Then, you can look at / edit the yaml specification via
#get kubectl get secret the-secret-name -o yaml #edit kubectl edit secret the-secret-name
A secret looks like this:
apiVersion: v1 kind: Secret metadata: name: the-secret-name type: Opaque data: # the value is base64 encoded KEY: VkFMVUUK
Most of the time, it's better to use two key value pairs in your situation though. The reason for this is that it's more complicated/expensive to look for a key with an unknown name than to lookup a value under a key.
Secrets, Note: The serialized JSON and YAML values of secret data are encoded as secret keys appear as files and the secret values are base64 decoded and stored generic - used to store key-value pairs, as we have seen in the examples so far; tls - store public.private key pair info as Secrets; docker-registry - credentials for authenticating to a Docker registry. The way this technique is used is very simple: Use docker-registry Secret type to store private Docker registry credentials in Kubernetes
Kubernetes secret stores data as key value pair(ref: https://kubernetes.io/docs/concepts/configuration/secret/).
apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: key: dmFsdWU=
Here value is base64 encoded.
Distribute Credentials Securely Using Secrets, The Secret contains key-value data representing the sensitive info, with apikey This resulting Secret will contain a key named app-config.yaml and its so far; tls - store public.private key pair info as Secrets; docker-registry Edit This Page. Secrets. Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod A Pod represents a set of running containers in your cluster. definition or in a container image Stored instance of a container that holds a set of
Thank you guys for your answers. I've found using the below format in Secret.yaml works well:
encryptionKey | KeyName: 123456abcdef SecondKeyName: abcdef123456
I would then get the key value pairs as a Map in my Java application and treat it as such so I can, for example, search for key
KeyName and get the value I need.
Tutorial: How to use Kubernetes Secrets for storing sensitive config , How To Use Kubernetes Secrets for Storing Sensitive Config Data The code (and YAML ) is available on GitHub. It's possible to create a Secret along with the configuration data stored as key-value pairs in the data The Secret contains key-value data representing the sensitive info, with apikey being Configmaps are very generic configuration files. They can consist of a list of key value pairs but they can also be generic files. For example you can store a nginx configuration file nginx.conf in a configmap and load it in the proper location for the nginx daemon to read it.
How To Use Kubernetes Secrets for Storing Sensitive Config Data, Storing such files in a Git repository is extremely insecure as it is trivial to The contents of this Secret, which contains the public/private key pair, can The YAML manifest for a Secret is generated from literal key-value pairs The script databinds the dks_secrets integration to the create-secret.yml secret template file, that exists in the repository in the kubernetes-secrets directory, using the shipctl replace command.
Managing secrets deployment in Kubernetes using Sealed Secrets , Running kubectl get secret credentials -o yaml returns the following output: To load multiple key-value pairs into a single Secret, store the Configure all key-value pairs in a Secret as container environment variables Note: This functionality is available in Kubernetes v1.6 and later. Create a Secret containing multiple key-value pairs
Secret | Kubernetes Engine Documentation, Kubernetes Secrets and ConfigMaps separate the configuration of You need it to create the YAML file for the Secret: Just like Secrets, ConfigMaps store one or more key/value pairs in their Data hash of the object. Edit This Page Secrets. Kubernetes secret objects let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Putting this information in a secret is safer and more flexible than putting it verbatim in a Pod The smallest and simplest Kubernetes object.