Issue
Using CLI arguments to pass secrets is generally found upon: It exposes the secrets to other processes (ps aux
) and potentially stores it in the shell history.
Is there a way to create Kubernetes secrets using kubectl
that is not exposing the secret as described? I.e. a way to do this interactively?
kubectl create secret generic mysecret --from-literal key=token
Solution
You can create from file using e.g.
kubectl create secret generic mysecret --from-file=key=name-of-file.txt
This will prevent the secret text in the commandline, but it does still tell anyone looking through your history where to find the secret text
Also, if you put a space at the start of the line, it does not get added to shell history
kubectl create secret generic mysecret --from-literal....
vs
kubectl create secret generic mysecret --from-literal....
(with space at the start)
Answered By - Blender Fox Answer Checked By - Willingham (WPSolving Volunteer)