Creating a Secret

A secret is a type of resource that holds sensitive data, such as authentication and key information, required by a workload. Its content is user-defined. After creating secrets, you can use them as files or environment variables in a containerized workload.

Creating a Secret

Access the cluster console. In the navigation pane, choose ConfigMaps and Secrets. Then, click the Secrets tab. You can create a secret directly or using YAML. If you want to create a secret using YAML, go to 4.
Select the namespace that the secret will belong to.

Click Create Secret.

Configure the parameters as described in Table 1.

**Table 1** Parameters for creating a secret
Parameter	Description
Name	Name of the secret you create, which must be unique in a namespace.
Namespace	Namespace that the secret belongs to. The current namespace is used by default.
Description	Description of the secret.
Secret Type	Type of the secret. Opaque: general secret type. In high-sensitive scenarios, you are advised to encrypt sensitive data using data encryption services and then store the encrypted data in secrets. kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository. If you select this secret type, enter the image repository address. IngressTLS: a secret that stores the certificate required for Layer 7 load balancing. If you select this secret type, upload the certificate file and private key file. Other: another type of secret, which is specified manually.
Secret Data	Workload secret data can be used in containers. If the secret type is Opaque, enter the key and value. The value must be a Base64-encoded value. You can select Auto Base64 Encoding to Base64-encode the entered value. For details about manual Base64 encoding, see Base64 Encoding. If the secret type is kubernetes.io/dockerconfigjson, enter the username and password of the private image repository. NOTE: Secrets can be used to create workload storage volumes and configure workload environment variables. When configuring workload environment variables, ensure that the secret data is not empty.
Label	Labels are attached to objects such as workloads, nodes, and Services in key-value pairs. Labels define the identifiable attributes of these objects and are used to manage and select the objects. Enter the key and value. Click Confirm.

Create a secret from a YAML file by clicking Create from YAML.

To create a resource by uploading a file, ensure that the resource description file has been created. UCS supports files in JSON or YAML format. For details, see Secret Resource File Configuration.
You can import or directly write the file content in YAML or JSON format.
- Method 1: Import an orchestration file.
  Click Import to import a YAML or JSON file. The content of the YAML or JSON file is displayed in the orchestration content area.
- Method 2: Directly orchestrate the content.
  In the orchestration content area, enter the content of the YAML or JSON file.
When the configuration is complete, click OK.

The new secret is displayed in the secret list.

Secret Resource File Configuration

This section provides a configuration example of a secret resource file.

For example, you can retrieve the username and password for a workload through a secret.

YAML format

The content in the secret file secret.yaml is as follows. The value must be encoded using Base64. For details, see Base64 Encoding.

apiVersion: v1
kind: Secret
metadata:
  name: mysecret           #Secret name
  namespace: default       #Namespace. The default value is default.
data:
  username: bXktdXNlcm5hbWUK  #Username, which must be encoded using Base64.
  password: ******  #The value must be encoded using Base64.
type: Opaque     #You are advised not to change this parameter value.

JSON format

The content in the secret file secret.json is as follows:

{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {
    "name": "mysecret",
    "namespace": "default"
  },
  "data": {
    "username": "bXktdXNlcm5hbWUK",
    "password": "******"
  },
  "type": "Opaque"
}

Related Operations

After a secret is created, you can perform the operations described in Table 2.

The secrets in the kube-system namespace can only be viewed.

**Table 2** Other operations
Operation	Description
Editing a YAML file	Click Edit YAML in the row where the target secret resides to edit its YAML file.
Updating a secret	Click Update in the row where the target secret resides. Modify the secret data according to Table 1. Click OK.
Deleting a secret	Click Delete in the row where the target secret resides. Delete the secret as prompted.
Deleting secrets in batches	Select the secrets to be deleted. Click Delete in the upper left corner. Delete the secret as prompted.

Base64 Encoding

To encode a character string using Base64, run the echo -n Content to be encoded | base64 command. The following is an example:

root@ubuntu:~# echo -n "Content to be encoded" | base64
******

Parent topic: ConfigMaps and Secrets

Previous topic: Creating a ConfigMap

Next topic: kubeconfig

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot