Updated on 2022-08-11 GMT+08:00

Secrets

Secrets store sensitive, user-defined information such as authentication details, certificates, and keys, which can then be loaded into containerized applications. For example, you can mount a volume of the secret type for data storage so that the secret appears as a file in the container, or load a secret as an environment variable in the container.

Secrets may contain sensitive user information. If the values you configure are sensitive, encrypt them before entering them, and decrypt them in your application.

Creating a Secret

  1. Log in to the IEF console, and click Switch Instance on the Dashboard page to select a platinum service instance.
  2. In the navigation pane, choose Edge Applications > Application Configuration. Then, click Create Secret in the upper right corner.
  3. Specify the secret details.

    Figure 1 Creating a secret
    • Name: name of the secret.
    • Type: Opaque secrets are supported. Data is in the key-value pair format and Base64-encoded. For details, see Base64 Encoding.
    • Data: Key-value pairs. Enter a property name and value. The value must be Base64-encoded.

  4. Click Create. After the secret is created, the secret list page is displayed.

Base64 Encoding

To perform Base64 encoding on a character string, run the echo -n {Content to be encoded} | base64 command. For example:

root@ubuntu:~# echo -n "example value" | base64
ZXhhbXBsZSB2YWx1ZQ==
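
The following is an added example, not part of the IEF documentation: a shell helper that encodes a value for the Data field and checks an encoded value before it is entered, rejecting the trailing newline that results when -n is omitted from echo. The function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not part of IEF.

# Encode a value for the secret's Data field.
# printf '%s' writes no trailing newline (the job of -n in `echo -n`);
# tr strips the line wraps GNU base64 inserts every 76 characters.
encode_secret_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a Data field value, as the mounted file content would appear.
decode_secret_value() {
    printf '%s' "$1" | base64 -d
}

# Return 0 if the Base64 string is safe to paste into the Data field:
# non-empty, decodes cleanly, and the decoded content has no trailing newline.
check_secret_value() {
    [ -n "$1" ] || { echo "empty value" >&2; return 1; }
    decode_secret_value "$1" >/dev/null 2>&1 ||
        { echo "not valid Base64" >&2; return 1; }
    # Hex of the last decoded byte; 0a is a newline.
    last=$(decode_secret_value "$1" | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ] ||
        { echo "decoded value ends with a newline (echo without -n?)" >&2; return 1; }
}

# Constructed sample values.
good=$(encode_secret_value "example value")     # ZXhhbXBsZSB2YWx1ZQ==
bad=$(echo "example value" | base64)            # ZXhhbXBsZSB2YWx1ZQo=

check_secret_value "$good" && echo "ok:  $good"
check_secret_value "$bad"  || echo "bad: $bad"
```

Base64 only encodes: anyone who can read the Data field can decode it, which is why a sensitive value is encrypted before this step.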

Using a Secret

You can use secrets to configure data storage in the advanced settings when creating a containerized application.

Figure 2 Using a secret

After the secret is mounted to the container, files are created in the mount directory based on the secret content. Each property name and value pair is generated as a file. The property name is the file name, and the value is the content of the file. For instance, a secret could have the property name set to key and the property value set to ZXhhbXBsZSB2YWx1ZQ==. After the secret is mounted to the /tmp0 directory, a file named key is generated in the /tmp0 directory and the file content is example value.