Create a Secret

This workshop has been deprecated and archived. The new Amazon EKS Workshop is now available at www.eksworkshop.com.

Encrypt Your Secret

Create a namespace for this exercise:

kubectl create ns secretslab

Output:


namespace/secretslab created

Create a text file containing your secret:

echo -n "am i safe?" > ./test-creds

Create your secret:

kubectl create secret \
        generic test-creds \
        --from-file=test-creds=./test-creds \
        --namespace secretslab

Output:


secret/test-creds created

Retrieve the secret via the CLI:

kubectl get secret test-creds \
  -o jsonpath="{.data.test-creds}" \
  --namespace secretslab | \
  base64 --decode

Output:


am i safe?

At the conclusion of this lab, we will validate the Decrypt API call in CloudTrail. It will take some time for the event to be viewable in CloudTrail. So, let’s go to the next step and attempt to retrieve the secret using a Kubernetes pod.