Updated on 2022-04-02 GMT+08:00

Creating a Secret

A secret is a type of resource that holds sensitive data, such as authentication and key information, required by a workload. Its content is user-defined. After creating secrets, you can use them as files or environment variables in a containerized workload.

Creating a Secret

  1. Log in to the cluster console. In the left navigation pane, choose Configuration Center > Secrets. You can create a secret directly or using YAML. If you want to create a secret using YAML, go to step 3.
  2. Click Create Secret.

    Set the parameters listed in Table 1. The parameters marked with asterisks (*) are mandatory.
    Table 1 Parameters for creating a secret

    | Parameter | Description |
    | --- | --- |
    | *Name | Name of the secret, which must be unique in a namespace. |
    | *Cluster | Cluster for which you want to create the secret. |
    | *Namespace | Namespace to which the secret belongs. If you do not specify this parameter, the namespace named default is used. |
    | Description | Description of the secret. |
    | *Type | Type of the secret you create. • Opaque: common secret. • kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository. • IngressTLS: a secret that stores the certificate required by ingresses (layer-7 load balancing Services). • Other: another type of secret, which is specified manually. |
    | *Data | Secret data that workloads can use in containers. • If the secret is of the Opaque type: 1. Click Add Data. 2. Set Key and Value. The value must be encoded using Base64. For details on Base64 encoding, see Base64 Encoding. • If the secret is of the kubernetes.io/dockerconfigjson type, enter the username and password of a private image repository. • If the secret is of the IngressTLS type, upload a certificate file and a private key file. |
    | Label | Labels are attached to objects such as workloads, nodes, and Services as key-value pairs. Labels define identifying attributes of these objects and can be used to manage and select objects. 1. Click Add Label. 2. Set Key and Value. |

  3. Create a secret using a YAML file by clicking Create Using YAML.

    To create a resource by uploading a file, ensure that the resource description file has been created. MCP supports files in JSON or YAML format. For details, see Secret Resource File Configuration.

    You can import or directly write the file content in YAML or JSON format.
    • Method 1: Import an orchestration file.

      Click Upload YAML File to import a YAML or JSON file. The content of the YAML or JSON file is displayed in the orchestration content area.

    • Method 2: Directly orchestrate the content.

      In the orchestration content area, enter the content of the YAML or JSON file.

  4. Click Create after the configuration is complete.

    The new secret is displayed in the secret list.

Secret Resource File Configuration

This section provides a configuration example of a secret resource file.

For example, you can retrieve the username and password for a workload through a secret.

  • YAML format

    The content in the secret file secret.yaml is as follows. The value must be encoded using Base64. For details, see Base64 Encoding.

    apiVersion: v1
    kind: Secret
    metadata:
      name: mysecret           #Secret name
      namespace: default       #Namespace. The default value is default.
    data:
      username: bXktdXNlcm5hbWU=  #Username (my-username), encoded using Base64 without a trailing newline.
      password: ******  #The value must be encoded using Base64.
    type: Opaque     #You are advised not to change this parameter value.
  • JSON format

    The content in the secret file secret.json is as follows:

    {
      "apiVersion": "v1",
      "kind": "Secret",
      "metadata": {
        "name": "mysecret",
        "namespace": "default"
      },
      "data": {
        "username": "bXktdXNlcm5hbWU=",
        "password": "******"
      },
      "type": "Opaque"
    }

Related Operations

After a secret is created, you can perform the operations described in Table 2.

The secret list contains system-defined secrets, which can be viewed but cannot be updated or deleted.

Table 2 Other operations

| Operation | Description |
| --- | --- |
| Viewing a YAML file | Click View YAML in the row where the target secret resides to view its YAML file. |
| Updating a secret | 1. Click Update in the row where the target secret resides. 2. Modify the secret data according to Table 1. 3. Click Update. |
| Deleting a secret | Click Delete in the row where the target secret resides. Delete the secret as prompted. |
| Deleting secrets in batches | 1. Select the secrets to be deleted. 2. Click Delete above the secret list. 3. Delete the secrets as prompted. |

Base64 Encoding

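To encode a character string using Base64, run the command echo -n "Content to be encoded" | base64. The -n option stops echo from appending a newline, which would otherwise be encoded as part of the value. The following is an example: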

root@ubuntu:~# echo -n "Content to be encoded" | base64
******
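
A pre-upload check for a secret file in the JSON layout shown under Secret Resource File Configuration, as an added example that is not part of the original documentation: it decodes every data value and reports values that are not valid Base64 or that carry surrounding whitespace, which is what a value encoded with echo instead of echo -n looks like. The sample manifest, its values, and the function name check_secret are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed sample manifest in the secret.json layout; all values are made up.
SAMPLE = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "mysecret", "namespace": "default"},
    "type": "Opaque",
    "data": {
        "username": base64.b64encode(b"my-username").decode(),        # like echo -n
        "password": base64.b64encode(b"s3cr3t-example\n").decode(),   # like plain echo
        "token": "******",                                            # masked, not Base64
    },
})


def check_secret(manifest_text):
    """Return {key: problem} for data values that would not reach the workload intact.

    Base64 is an encoding, not encryption, so decoding here needs no key.
    """
    manifest = json.loads(manifest_text)
    if manifest.get("kind") != "Secret":
        raise ValueError("not a Secret manifest")
    problems = {}
    for key, value in manifest.get("data", {}).items():
        try:
            # validate=True rejects characters outside the Base64 alphabet
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            problems[key] = "not valid Base64"
            continue
        if not raw:
            problems[key] = "empty value"
        elif raw != raw.strip():
            problems[key] = "surrounding whitespace (encoded without echo -n?)"
    return problems


if __name__ == "__main__":
    for key, problem in check_secret(SAMPLE).items():
        print(f"{key}: {problem}")
```

Certificate and key files normally end with a newline, so the whitespace finding is meant for Opaque credentials such as usernames and passwords.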