Secrets

Secrets are objects that you can use to store sensitive data such as authentication information, certificates, and private keys. You can load a secret to a container as an environment variable when the container is started or mount a secret to a container as a file.

Note

It is recommended that you encrypt the uploaded secrets.

Creating a Secret

1. Log in to the CCI console. In the navigation pane on the left, choose Configuration Center.

2. Select a namespace and click the Secrets tab.

3. Click Create from YAML in the upper left corner and edit the YAML file. For details about the YAML file, see YAML format.

   Note

   CCI supports both JSON and YAML, and the file size cannot exceed 2 MB.

4. Click OK.

   You can view the newly created secret in the secret list.

Using a Secret

After a secret is created, you can mount it to a container as a storage volume during pod creation. For example, mount a secret named aksk-secret to a container and set the storage volume name to volume2.

Secret File Format

• secret.yaml resource description file

  For example, you can use a secret to obtain the following key-value pairs and encrypt them for an application:

  key1: value1

  key2: value2

  The secret.yaml file is defined as below. (Base64 encoding is required for the value of each key. For details about the Base64 encoding method, see Base64 Encoding.)

  apiVersion: v1
  kind: Secret
  metadata:
    name: mysecret           #Secret name
    annotations:
      description: "test"
    labels:
      label-01: value-01
      label-02: value-02
  data:
    key1: dmFsdWUx    #Base64 encoding required
    key2: dmFsdWUy  #Base64 encoding required
  type: Opaque         #The type must be Opaque.
  

• secret.json resource description file

  The content is as follows:

  {
      "apiVersion": "v1",
      "kind": "Secret",
      "metadata": {
          "annotations": {
              "description": "test"
          },
          "labels": {
              "label-01": "value-01",
              "label-02": "value-02"
          },
          "name": "mysecret"
      },
      "data": {
          "key1": "dmFsdWUx",
          "key2": "dmFsdWUy"
      },
      "type": "Opaque"
  }
  

Base64 Encoding

To perform Base64 encoding on a character string, run the echo -n {Content to be encoded} | base64 command.

root@ubuntu:~# echo -n "3306" | base64
MzMwNg==

last updated: 2024-10-15 06:11 UTC - commit: 0a182d98f6a28eec4d85bdd059da233532fd08e3