Create a secret
A secret is a resource type that stores sensitive information for workloads, such as authentication credentials and keys.
Procedure
Log on to the Container Application Service console. In the navigation pane on the left, click Configuration Management > Secrets.
On the Secrets list page, click Create.
On the Create Secret page, enter the following information:
Namespace: Select a namespace. The default namespace is default.
Name: The name of the secret.
Secret Type:
Opaque: A generic secret type. You can enter a key and a value. The value must be Base64 encoded.
ImagePullSecret: Stores the authentication information required to pull images from a private repository. You can enter the container registry address, username, and password.
After you complete the configuration, click Create.
Use a secret
You can use secrets as environment variables, command-line arguments, or volumes for your workloads. You can also use a secret to pull an image in the Configure Pod Template step when you create an application service.
Prerequisites
A secret is created.
The pod and the secret must be in the same namespace.
This topic uses the following secret as an example.
apiVersion: v1 kind:Secret metadata: name: mysecret type:Opaque data: username:my-username #username password:******#Must be Base64 encoded
Use a secret to configure a pod volume
A secret can be used as a file in a pod.
Log on to the Container Application Service console. In the navigation pane on the left, click Workloads > Pods.
Click Create from YAML, enter the following content in the text box, and then click Submit.
The following pod example shows that the username and password from the mysecret secret are saved as files in the
/etc/foofolder.apiVersion: v1 kind:Pod metadata: name: mypod spec: containers: - name: mypod image: redis volumeMounts: - name: foo mountPath:"/etc/foo" readOnly:true volumes: - name: foo secret: secretName: mysecret
Use a secret to set pod environment variables
A secret can be set as an environment variable in a pod.
Log on to the Container Application Service console. In the navigation pane on the left, click Workloads > Pods.
Click Create from YAML, enter the following content in the text box, and then click Submit.
The following pod example shows that the username and password from the mysecret secret are configured as environment variables for the pod.
apiVersion: v1 kind:Pod metadata: name: secret-env-pod spec: containers: - name: mycontainer image: redis env: - name: SECRET_USERNAME valueFrom: secretKeyRef: name: mysecret key: username - name: SECRET_PASSWORD valueFrom: secretKeyRef: name: mysecret key: password restartPolicy:Never
Modify a secret
You can modify the data of Opaque secrets.
Procedure
Log on to the Container Application Service console. In the navigation pane on the left, click Configuration Management > Secrets.
On the Secrets list page, click the Name of a secret to go to its details page.
You can make the following changes:
Click Edit, modify the data for the configuration item, and then click Submit.
Click Add Secret Data, enter a variable name and value, and then click Submit.
View Secrets
Prerequisites
A secret is created.
Procedure
Log on to the Container Application Service console. In the navigation pane on the left, click Configuration Management > Secrets.
On the Secrets list page, click the Name of a secret to go to its details page.
NoteYou can add data to Opaque secrets.
Delete a secret
You can delete secrets that are no longer in use.
Deleting a secret might affect application containers that reference it. Ensure that no application containers reference the secret before you delete it.
Procedure
Log on to the Container Application Service console. In the navigation pane on the left, click Configuration Management > Secrets.
On the Secrets list page, click Delete.
In the dialog box that appears, click Confirm.