1
1
---
2
- title : Managing Secret using kubectl
2
+ title : Managing Secrets using kubectl
3
3
content_type : task
4
4
weight : 10
5
5
description : Creating Secret objects using kubectl command line.
@@ -15,7 +15,7 @@ description: Creating Secret objects using kubectl command line.
15
15
16
16
## Create a Secret
17
17
18
- A ` Secret ` can contain user credentials required by Pods to access a database.
18
+ A ` Secret ` can contain user credentials required by pods to access a database.
19
19
For example, a database connection string consists of a username and password.
20
20
You can store the username in a file ` ./username.txt ` and the password in a
21
21
file ` ./password.txt ` on your local machine.
@@ -24,11 +24,10 @@ file `./password.txt` on your local machine.
24
24
echo -n ' admin' > ./username.txt
25
25
echo -n ' 1f2d1e2e67df' > ./password.txt
26
26
```
27
-
28
- The ` -n ` flag in the above two commands ensures that the generated files will
29
- not contain an extra newline character at the end of the text. This is
30
- important because when ` kubectl ` reads a file and encode the content into
31
- base64 string, the extra newline character gets encoded too.
27
+ In these commands, the ` -n ` flag ensures that the generated files do not have
28
+ an extra newline character at the end of the text. This is important because
29
+ when ` kubectl ` reads a file and encodes the content into a base64 string, the
30
+ extra newline character gets encoded too.
32
31
33
32
The ` kubectl create secret ` command packages these files into a Secret and creates
34
33
the object on the API server.
@@ -45,7 +44,7 @@ The output is similar to:
45
44
secret/db-user-pass created
46
45
```
47
46
48
- Default key name is the filename. You may optionally set the key name using
47
+ The default key name is the filename. You can optionally set the key name using
49
48
` --from-file=[key=]source ` . For example:
50
49
51
50
``` shell
@@ -54,17 +53,18 @@ kubectl create secret generic db-user-pass \
54
53
--from-file=password=./password.txt
55
54
```
56
55
57
- You do not need to escape special characters in passwords from files
58
- ( ` --from- file` ) .
56
+ You do not need to escape special characters in password strings that you
57
+ include in a file.
59
58
60
59
You can also provide Secret data using the ` --from-literal=<key>=<value> ` tag.
61
60
This tag can be specified more than once to provide multiple key-value pairs.
62
61
Note that special characters such as ` $ ` , ` \ ` , ` * ` , ` = ` , and ` ! ` will be
63
62
interpreted by your [ shell] ( https://en.wikipedia.org/wiki/Shell_(computing) )
64
63
and require escaping.
64
+
65
65
In most shells, the easiest way to escape the password is to surround it with
66
- single quotes (` ' ` ). For example, if your actual password is ` S!B\*d$zDsb= ` ,
67
- you should execute the command this way :
66
+ single quotes (` ' ` ). For example, if your password is ` S!B\*d$zDsb= ` ,
67
+ run the following command :
68
68
69
69
``` shell
70
70
kubectl create secret generic dev-db-secret \
@@ -74,7 +74,7 @@ kubectl create secret generic dev-db-secret \
74
74
75
75
## Verify the Secret
76
76
77
- You can check that the secret was created:
77
+ Check that the Secret was created:
78
78
79
79
``` shell
80
80
kubectl get secrets
@@ -111,7 +111,7 @@ username: 5 bytes
111
111
112
112
The commands ` kubectl get ` and ` kubectl describe ` avoid showing the contents
113
113
of a ` Secret ` by default. This is to protect the ` Secret ` from being exposed
114
- accidentally to an onlooker , or from being stored in a terminal log.
114
+ accidentally, or from being stored in a terminal log.
115
115
116
116
## Decoding the Secret {#decoding-secret}
117
117
@@ -141,7 +141,7 @@ The output is similar to:
141
141
142
142
## Clean Up
143
143
144
- To delete the Secret you have created:
144
+ Delete the Secret you created:
145
145
146
146
``` shell
147
147
kubectl delete secret db-user-pass
@@ -152,5 +152,5 @@ kubectl delete secret db-user-pass
152
152
## {{% heading "whatsnext" %}}
153
153
154
154
- Read more about the [ Secret concept] ( /docs/concepts/configuration/secret/ )
155
- - Learn how to [ manage Secret using config file ] ( /docs/tasks/configmap-secret/managing-secret-using-config-file/ )
156
- - Learn how to [ manage Secret using kustomize] ( /docs/tasks/configmap-secret/managing-secret-using-kustomize/ )
155
+ - Learn how to [ manage Secrets using config files ] ( /docs/tasks/configmap-secret/managing-secret-using-config-file/ )
156
+ - Learn how to [ manage Secrets using kustomize] ( /docs/tasks/configmap-secret/managing-secret-using-kustomize/ )
0 commit comments