In Kubernetes, there is an object called Secrets. We use Secrets to manage sensitive information in our cluster. We can create a secret imperatively (using CLI) or declaratively (using a configuration file). At the moment, I’ve only learned how to create a secret imperatively so only imperative creation will be here for now.

Imperative Creation

To create a secret using kubectl, it will look something like this.

kubectl create secret <type> <name> <data>

What are type, name and data? Let’s take a look.


It refers to the type of secret we want to create. There are three types, and they are…

  1. generic - Used for creating from a local file, directory or a literal value
  2. docker-registry - Used for authenticating against Docker registries
  3. tls - Used for creating a TLS secret from a given public/private key pair

Most of the time, we will use the generic type.


It is simply the name of the secret.


It is the data we want to use as encoded secrets. There are two ways of specifying them.

  1. A path to a directory containing one or more configuration files, indicated using the --from-file or --from-env-file flags
  2. Key-value pairs, each specified using --from-literal flags e.g. --from-literal