ConfigMaps & Secrets
Intermediate
Overview
ConfigMaps hold non-sensitive configuration as key-value pairs. Secrets hold sensitive data; their values are Base64-encoded (not encrypted by default).
Both can be injected into Pods as environment variables or mounted as files, which keeps configuration out of your container images.
Use the Kubernetes Secret Encoder tool on this site to Base64-encode values for a Secret's data field.
Cheatsheet
kubectl create configmap app --from-literal=ENV=prodCreate a ConfigMapkubectl create secret generic db --from-literal=pass=s3cr3tCreate a Secretkubectl get configmapsList ConfigMapskubectl get secret db -o yamlView a Secret (Base64-encoded)Try it
A safe, simulated terminal. Run the suggested commands to see typical output.
simulated terminal
Type a command and press Enter, or click a suggestion below to run it.
Quick quiz
1. How are Secret values stored by default?
2. What should hold non-sensitive configuration?