builds-creating-secrets.adoc

Creating secrets

You must create a secret before creating the pods that depend on that secret.

When creating secrets:

• Create a secret object with secret data.

• Update the pod’s service account to allow the reference to the secret.

• Create a pod, which consumes the secret as an environment variable or as a file (using a secret volume).

Procedure

• Use the create command to create a secret object from a JSON or YAML file:

  $ oc create -f <filename>

  For example, you can create a secret from your local .docker/config.json file:

  $ oc create secret generic dockerhub \
      --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
      --type=kubernetes.io/dockerconfigjson

  This command generates a JSON specification of the secret named dockerhub and creates the object.

  YAML Opaque Secret Object Definition

  apiVersion: v1
  kind: Secret
  metadata:
    name: mysecret
  type: Opaque (1)
  data:
    username: dXNlci1uYW1l
    password: cGFzc3dvcmQ=

  1. Specifies an opaque secret.

     Docker Configuration JSON File Secret Object Definition

     apiVersion: v1
     kind: Secret
     metadata:
       name: aregistrykey
       namespace: myapps
     type: kubernetes.io/dockerconfigjson (1)
     data:
       .dockerconfigjson:bm5ubm5ubm5ubm5ubm5ubm5ubm5ubmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2cgYXV0aCBrZXlzCg== (2)

  2. Specifies that the secret is using a Docker configuration JSON file.

  3. The output of a base64-encoded the Docker configuration JSON file