[![](https://3.bp.blogspot.com/-0B1BEQo_fWc/VaVxVUBkf3I/AAAAAAAAAVE/5yCCnA29C88/s400/0%2B%25281%2529.png)](https://3.bp.blogspot.com/-0B1BEQo_fWc/VaVxVUBkf3I/AAAAAAAAAVE/5yCCnA29C88/s1600/0%2B%25281%2529.png)





Now, how did the Nginx pods get ahold of the super-secret SSL key/cert and htpasswd file (for basic access auth)?

### Keep it secret, keep it safe

Kubernetes has an [API and resource for Secrets](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/secrets.md). Secrets “are intended to hold sensitive information, such as passwords, OAuth tokens, and ssh keys. Putting this information in a secret is safer and more flexible than putting it verbatim in a pod definition or in a docker image.”
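One way to check pod definitions for the problem the quoted documentation warns about (an added example, not code from the original post or from the Kubernetes project): it flags environment values written verbatim into the spec and lists volumes backed by a Secret. The manifests, object names and regex heuristics are constructed for illustration; the field names follow the Kubernetes v1 Pod API.

```python
import re

# Env var names that suggest a credential (heuristic chosen for this example).
SENSITIVE_NAME = re.compile(r"(PASSWORD|PASSWD|TOKEN|SECRET|KEY|CERT)", re.I)
# PEM header, e.g. an SSL private key pasted straight into the manifest.
PEM_HEADER = re.compile(r"-----BEGIN [A-Z ]+-----")

def find_inline_secrets(pod):
    """Return one finding per sensitive value written verbatim in a pod spec."""
    findings = []
    spec = pod.get("spec", {})
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            for env in c.get("env", []):
                value = env.get("value")
                if value is None:
                    continue  # valueFrom (e.g. secretKeyRef) keeps the value out of the spec
                if SENSITIVE_NAME.search(env["name"]) or PEM_HEADER.search(value):
                    findings.append(f"{c['name']}: env {env['name']} holds a literal value")
    return findings

def secret_volumes(pod):
    """Map volume name -> Secret name for every volume backed by a Secret."""
    return {v["name"]: v["secret"]["secretName"]
            for v in pod.get("spec", {}).get("volumes", []) if "secret" in v}

# Constructed sample manifests (already parsed into dicts); all names and values are made up.
INLINE_POD = {"kind": "Pod", "spec": {"containers": [{
    "name": "nginx-ssl-proxy",
    "env": [
        {"name": "HTPASSWD", "value": "admin:EXAMPLE-HASH"},
        {"name": "SSL_KEY", "value": "-----BEGIN PRIVATE KEY-----\nEXAMPLE\n-----END PRIVATE KEY-----"},
        {"name": "TARGET_SERVICE", "value": "jenkins:8080"},
    ]}]}}

SECRET_POD = {"kind": "Pod", "spec": {
    "volumes": [{"name": "secrets", "secret": {"secretName": "ssl-proxy-secret"}}],
    "containers": [{
        "name": "nginx-ssl-proxy",
        "env": [{"name": "TARGET_SERVICE", "value": "jenkins:8080"}],
        "volumeMounts": [{"name": "secrets", "mountPath": "/etc/secrets", "readOnly": True}],
    }]}}

if __name__ == "__main__":
    for label, pod in (("inline", INLINE_POD), ("secret-backed", SECRET_POD)):
        print(label, find_inline_secrets(pod), secret_volumes(pod))
```

A clean result only means nothing matched these heuristics; values inside a Secret are base64-encoded rather than encrypted, so read access to Secret objects still has to be restricted.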



You can create secrets in your cluster in 3 simple steps:
