Shared Secrets

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Shared secrets can be added in container secrets

Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.

• After logging into OmniDeq, click on the Project where you want to add Shared Secrets and click on Cruize.

  

  

• Click on blueprint version count on blueprint card. After clicking on count, blueprint versions page will be displayed which contains list of blueprint versions. as shown in the image below.

  

• Click on View configurations kebab menu option or click on blueprint version name then of blueprint version to view blueprint configurations.

  

• After clicking on above options blueprint configurations page will be opened, then go to Secrets tab beside config maps tab as shown in the below image.

  

Adding a Secret

• Click on Add New Secrets button from Secrets tab then form will be displayed to add Secret as shown in the below image.

  

  

• If blueprint is created from transform profile then the secrets from transform profile will get populated here.

• Add Secret by providing below details.

  Secret name	Type Secret name here
  Used for	Default selected is “Container”, change as applicable
  Referenced as	Default selected is “Env”, change as applicable
  Input type	Select applicable input type(Text based/File based)
  Add Text/File Data	Based on input type provide key values using text data or by uploading file for value
  Labels and Annotations	This is optional. Add Labels and Annotations here
  Secret Type	There are 5 different secret types. Default selected is "Opaque". Enter secrets data based on selected secret type.

• Secret name :

  • Only lowercase alphanumerics, '-' or '. allowed and must start and end with an alphanumeric character
  • Maximum 253 characters allowed

  • Name must be unique

    

• Used for :

  

  

  • There three options available in used for as listed below :

    1. Container : For container used for secrets any type of secret can be created for example - opaque, basic-auth or ssh-auth etc.

    2. Ingress : For ingress used for secrets, type will be kubernetes.io/tls and provide tls certificate and tls key.

       • Ingress secret will be used to add ingress.

       

    3. Image Pull : For image pull secrets, type will be kubernetes.io/dockerconfigjson and provide docker config json for same.

       

    4. Image pull secrets can be added and used in deployment.

       • Please refer to this section for more details on Adding Image Pull Secret in deployment Click here

• Referenced as :

  • There are two options for referenced as :
  • Env :
    • For env user can only provide text based config map data
  • Volumemount :
    • For volumemount secret data can be provided using text based or file based input.
    • Provide data based on selected secret type.
    • For volumemount provide below details- * Mount path: Enter mount path which should start with '/'. * Sub path: Sub path is optional. * Subpath key: Subpath key is also optional but if subpath is entered then user has to provide subpath key also.

• Secret type:

  • There are five secret types available as listed below :

    1. Opaque:
       • For opaque type of secret provide key value pair data.
    2. kubernetes.io/basic-auth :
       • For kubernetes.io/basic-auth provide username and password.
    3. kubernetes.io/ssh-auth :
       • For kubernetes.io/ssh-auth have to provide ssh-privatekey.
    4. kubernetes.io/tls :
       • For kubernetes.io/tls provide tls certificate and key.
    5. kubernetes.io/dockerconfigjson :
       • For kubernetes.io/dockerconfigjson provide docker config json.

    

• Labels & Annotations : Cilck here to know more details.

_Note - Secret Data can be provided either using text based input or file based input(file based only available for referenced as volumemount).

Share Secrets with containers

• As these are shared secrets we can share them with containers.

• To share secret follow below steps:

• Click on sharable icon from actions column of secret to share.

  

• Then it will open popup with list of all containers of deployments which are added under same blueprint as shown in the below image.

  

• Hierarchical list of deployments with containers will be shown in the popup. Select containers to share secret with them or to share with all containers under deployment select deployment then all containers under that deployment will get selected.

• After selecting container click Share button which will share secret with selected containers.

• This shared secrets can be added in containers secret from containers.

• Please refer to this section for more details on Add Shared Secrets here

View Secret Labels & Annotations

• Click on the View(Eye) icon from actions column in secrets table to view label & annotations as shown in the image below.

  

Edit Secrets

• Click on the Edit icon from actions column in secrets table to edit secret data as shown in image below.

  

• This will open form with data to edit as shown in below image, after editing click on update button to save updated changes.

  

Delete Secret

• Click on the Delete icon from actions column of secrets to delete secret data as shown in image below.

• This will remove the deleted secret