Wednesday, April 13, 2022

[SOLVED] How to use kubectl to create a secret without exposing it

Issue

Using CLI arguments to pass secrets is generally found upon: It exposes the secrets to other processes (ps aux) and potentially stores it in the shell history.

Is there a way to create Kubernetes secrets using kubectl that is not exposing the secret as described? I.e. a way to do this interactively?

kubectl create secret generic mysecret --from-literal key=token

Solution

You can create from file using e.g.

kubectl create secret generic mysecret --from-file=key=name-of-file.txt

This will prevent the secret text in the commandline, but it does still tell anyone looking through your history where to find the secret text

Also, if you put a space at the start of the line, it does not get added to shell history

kubectl create secret generic mysecret --from-literal....

vs

 kubectl create secret generic mysecret --from-literal....

(with space at the start)



Answered By - Blender Fox
Answer Checked By - Willingham (WPSolving Volunteer)