Create a Secret

This workshop has been deprecated and archived. The new Amazon EKS Workshop is now available at

Encrypt Your Secret

Create a namespace for this exercise:

kubectl create ns secretslab


namespace/secretslab created

Create a text file containing your secret:

echo -n "am i safe?" > ./test-creds

Create your secret:

kubectl create secret \
        generic test-creds \
        --from-file=test-creds=./test-creds \
        --namespace secretslab


secret/test-creds created

Retrieve the secret via the CLI:

kubectl get secret test-creds \
  -o jsonpath="{.data.test-creds}" \
  --namespace secretslab | \
  base64 --decode


am i safe?

At the conclusion of this lab, we will validate the Decrypt API call in CloudTrail. It will take some time for the event to be viewable in CloudTrail. So, let’s go to the next step and attempt to retrieve the secret using a Kubernetes pod.