Secure Sensitive Information with Secrets

In Kubernetes and OpenShift, a Secret allows you to securely store and consume sensitive data in your cluster.


  • Be sure to create your Secret in the same Namespace as the resource that needs to access it.
  • If using OpenShift, substitute kubectl with oc when following the examples provided.

Add a TLS Certificate and Key

  1. Encode your certificate and key with base64.

  2. Add the encoded certificate and key to the Data field of the Secret as “<myCert>.crt” and “<myKey>.key”.

      tls.crt: <base64-encoded_cert>
      tls.key: <base64-encoded_key>

See also

See the Kubernetes documentation: Distribute Credentials Securely Using Secrets.

Pull an Image from a Private Docker Registry

If you need to pull images from a private Docker registry, follow the instructions provided in the Kubernetes documentation:

Create a generic Secret

Create a generic Secret containing your BIG-IP login information.

kubectl create secret generic bigip-login --namespace kube-system --from-literal=username=admin --from-literal=password=admin

secret "bigip-login" created

Verify the Secret

kubectl describe secret bigip-login -n kube-system

Name:         bigip-login
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

password:  5 bytes
username:  5 bytes