ConfigMaps & Secrets

Intermediate

Overview

ConfigMaps hold non-sensitive configuration as key-value pairs. Secrets hold sensitive data; their values are Base64-encoded (not encrypted by default).

Both can be injected into Pods as environment variables or mounted as files, which keeps configuration out of your container images.

Use the Kubernetes Secret Encoder tool on this site to Base64-encode values for a Secret's data field.

Cheatsheet

kubectl create configmap app --from-literal=ENV=prodCreate a ConfigMap
kubectl create secret generic db --from-literal=pass=s3cr3tCreate a Secret
kubectl get configmapsList ConfigMaps
kubectl get secret db -o yamlView a Secret (Base64-encoded)

Try it

A safe, simulated terminal. Run the suggested commands to see typical output.

simulated terminal

Type a command and press Enter, or click a suggestion below to run it.

$

Quick quiz

1. How are Secret values stored by default?

2. What should hold non-sensitive configuration?