{"id":86771,"date":"2023-01-26T16:32:47","date_gmt":"2023-01-26T16:32:47","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4028014"},"modified":"2023-01-26T16:32:47","modified_gmt":"2023-01-26T16:32:47","slug":"how-to-create-and-manage-kubernetes-secrets-in-portainer","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=86771","title":{"rendered":"How to create and manage Kubernetes Secrets in Portainer"},"content":{"rendered":"<div id>\n<p> Instead of keeping Secrets in Kubernetes manifests, store them separately. Portainer makes this quite simple; I&#8217;ll show you how in this tutorial. <\/p>\n<\/div>\n<div id>\n<figure id=\"attachment_4028025\" aria-describedby=\"caption-attachment-4028025\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4028025\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/01\/how-to-create-and-manage-kubernetes-secrets-in-portainer.jpg\" alt=\"Padlock with infinite keys, metaphor of problems, solutions and risk management; original 3d rendering\" width=\"770\" height=\"453\"><figcaption id=\"caption-attachment-4028025\" class=\"wp-caption-text\">Image: tostphoto\/Adobe Stock<\/figcaption><\/figure>\n<p>When you\u2019re building and deploying Kubernetes services and pods, you sometimes have to use a secret, such as a password, an API key or a third-party access token. You certainly don\u2019t want to save those bits of sensitive information in your manifests, as doing that could lead to security issues. Given how many moving parts make up a Kubernetes deployment, the last thing you need is to extend your attack plane further.<\/p>\n<p><strong>SEE: <a href=\"https:\/\/www.techrepublic.com\/resource-library\/whitepapers\/hiring-kit-back-end-developer\/\" target=\"_blank\" rel=\"noopener noreferrer\">Hiring kit: Back-end Developer<\/a> (TechRepublic Premium)<\/strong><\/p>\n<p>How do you create and manage Kubernetes Secrets? If you\u2019re <a href=\"https:\/\/www.techrepublic.com\/article\/how-to-deploy-portainer-microk8s-environment\/\" target=\"_blank\" rel=\"noopener noreferrer\">using Portainer as your Kubernetes management platform<\/a>, you\u2019re in luck, as it includes a very powerful Secrets feature. In this tutorial, I\u2019ll show you how the Portainer Kubernetes Secrets tool can make your life a bit easier.<\/p>\n<p>Jump to:<\/p>\n<h2 id=\"need\">What you\u2019ll need to create a secret in Portainer<\/h2>\n<p>To follow along, you\u2019ll need a running instance of Portainer and a user with deployment privileges. You\u2019ll also need a secret to save.<\/p>\n<h2 id=\"create\">How to create your first Kubernetes secret in Portainer<\/h2>\n<p>The first thing you\u2019ll need to do is log in to your Portainer instance. Once you\u2019ve logged in, select your Kubernetes environment, which will probably be listed as Local. From the left navigation, click ConfigMaps &amp; Secrets (<strong>Figure A<\/strong>).<\/p>\n<p><strong>Figure A<\/strong><\/p>\n<figure id=\"attachment_4028015\" aria-describedby=\"caption-attachment-4028015\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4028015\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/01\/how-to-create-and-manage-kubernetes-secrets-in-portainer-41.jpg\" alt width=\"273\" height=\"394\"><figcaption id=\"caption-attachment-4028015\" class=\"wp-caption-text\">The Portainer left navigation is where you access the Secrets section.<\/figcaption><\/figure>\n<p>In the resulting page (<strong>Figure B<\/strong>), click Add With Form near the upper-right corner.<\/p>\n<p><strong>Figure B<\/strong><\/p>\n<figure id=\"attachment_4028016\" aria-describedby=\"caption-attachment-4028016\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4028016\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/01\/how-to-create-and-manage-kubernetes-secrets-in-portainer-42.jpg\" alt width=\"770\" height=\"341\"><figcaption id=\"caption-attachment-4028016\" class=\"wp-caption-text\">The Portainer ConfigMaps &amp; Secrets page.<\/figcaption><\/figure>\n<p>In the next window (<strong>Figure C<\/strong>), click the Secret tab near the middle of the page.<\/p>\n<p><strong>Figure C<\/strong><\/p>\n<figure id=\"attachment_4028017\" aria-describedby=\"caption-attachment-4028017\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4028017\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/01\/how-to-create-and-manage-kubernetes-secrets-in-portainer-43.jpg\" alt width=\"770\" height=\"460\"><figcaption id=\"caption-attachment-4028017\" class=\"wp-caption-text\">Creating a new Kubernetes secret in Portainer.<\/figcaption><\/figure>\n<p>Here\u2019s the information that you\u2019ll want to include for your new secret:<\/p>\n<ul>\n<li><strong>Name<\/strong>: A human-readable name for your secret.<\/li>\n<li><strong>Namespace<\/strong>: The namespace for which the secret will be used.<\/li>\n<li><strong>Key<\/strong>: The portion of the key pair that defines the first value, such as username.<\/li>\n<li><strong>Value<\/strong>: The portion of the key pair that defines the second value, such as the password or access token \u2014 for example, if credentials are admin\/@dm1n, admin is the key and @dm1n is the Value.<\/li>\n<\/ul>\n<aside class=\"pinbox right\">\n<h3 class=\"heading\">Must-read developer coverage<\/h3>\n<\/aside>\n<p>You an also select the Type, which can be one of the following:<\/p>\n<ul>\n<li>Opaque.<\/li>\n<li>Service account token.<\/li>\n<li>Dockercfg.<\/li>\n<li>Dockerconfigjson.<\/li>\n<li>Basic auth.<\/li>\n<li>SSH auth.<\/li>\n<li>TLS.<\/li>\n<li>Bootstrap token.<\/li>\n<li>Custom.<\/li>\n<\/ul>\n<p>For simplicity, let\u2019s select SSH auth. Now, it\u2019s important to know that some Type options will automatically fill out the Key portion. For example, if you select SSH auth, the Key portion will auto-populate with <code>ssh-privatekey<\/code>.<\/p>\n<p>Now, it\u2019s time to give the new key a name, select SSH auth for the type and then retrieve the SSH public key you want to add. This key will start with <code>ssh-rsa<\/code>, include a long string of random characters and end with USERNAME@HOSTNAME, where USERNAME is your local username and hostname is the hostname of the machine you\u2019re working on.<\/p>\n<p>If you\u2019re using an SSH key that\u2019s on a different machine, you\u2019ll need to track it down. Once you have your SSH public key copied, paste it in the Value field. When you have all required information in place, you\u2019ll then be able to click Create Secret to save the new key.<\/p>\n<h2 id=\"use\">How to use the new key<\/h2>\n<p>Let\u2019s say you\u2019re creating a new application for deployment. If that\u2019s the case, you\u2019ll click Applications and then click Add With Form. In the application form, you\u2019ll see the Configurations section (<strong>Figure D<\/strong>):<\/p>\n<p><strong>Figure D<\/strong><\/p>\n<figure id=\"attachment_4028018\" aria-describedby=\"caption-attachment-4028018\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4028018\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/01\/how-to-create-and-manage-kubernetes-secrets-in-portainer-44.jpg\" alt width=\"654\" height=\"154\"><figcaption id=\"caption-attachment-4028018\" class=\"wp-caption-text\">The Configurations section of the New Application form.<\/figcaption><\/figure>\n<p>Click Add Configuration. In the resulting section, you\u2019ll see a drop-down where you can select the newly created secret (<strong>Figure E<\/strong>):<\/p>\n<p><strong>Figure E<\/strong><\/p>\n<figure id=\"attachment_4028019\" aria-describedby=\"caption-attachment-4028019\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4028019\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/01\/how-to-create-and-manage-kubernetes-secrets-in-portainer-45.jpg\" alt width=\"770\" height=\"108\"><figcaption id=\"caption-attachment-4028019\" class=\"wp-caption-text\">Selecting our new secret for application configuration.<\/figcaption><\/figure>\n<p>You don\u2019t have to add any extra information for the secret, as Portainer will automatically map the entry to the key. With this step, you no longer have to add the secret to the manifest.<\/p>\n<h2 id=\"secrets\">Kubernetes Secrets made easy<\/h2>\n<p>Secrets are a must-use, especially if you\u2019re connecting any application to an API or third-party service. Thanks to Portainer, creating and using secrets for your Kubernetes deployments is incredibly easy.<\/p>\n<p><strong>SEE: <a href=\"https:\/\/www.techrepublic.com\/resource-library\/whitepapers\/hiring-kit-platform-engineer\/\" target=\"_blank\" rel=\"noopener noreferrer\">Hiring kit: Platform engineer<\/a> (TechRepublic Premium)<\/strong><\/p>\n<p>One thing to keep in mind, however, is that anyone on your Portainer system with the right privileges can view the secret. Be sure to grant user access to those environments wisely.<\/p>\n<p><strong>Read next: <a href=\"https:\/\/www.techrepublic.com\/article\/best-ide-software\/\" target=\"_blank\" rel=\"noopener noreferrer\">The 12 best IDEs for programming<\/a> (TechRepublic)<\/strong><\/p>\n<p> <!-- default newsletter at the end --> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Instead of keeping Secrets in Kubernetes manifests, store them separately. Portainer makes this quite simple; I&#8217;ll show you how in this tutorial. Image: tostphoto\/Adobe Stock When you\u2019re building and deploying Kubernetes services and pods, you sometimes have to use a secret, such as a password, an API key or a third-party access token. You certainly [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":86772,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,783,315,316,177,27],"tags":[],"class_list":["post-86771","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-cloudsync","category-containers","category-kubernetes","category-open-source","category-software"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/86771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=86771"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/86771\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/86772"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=86771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=86771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=86771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}