When we can decode the base 64 values of Kubernetes Secrets, why they're considered to store confidential information? Please help me to understand this
Asked
Active
Viewed 23 times
0
-
While Stack Overflow does permit certain questions about Kubernetes, we require that they (like all questions asked here) be specifically related to programming. This question does not appear to be specifically related to programming, which makes it off-topic here. You might be able to ask questions like this one on [sf] or [DevOps](https://devops.stackexchange.com/). – Turing85 Sep 17 '22 at 11:01
-
3Secrets are not really "secure"; they are just base64-encoded (see the [official kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/secret/) for details and warnings). This is why systems like [Hashicorp Vault](https://www.vaultproject.io/) or [Bitnami sealed secrets](https://github.com/bitnami-labs/sealed-secrets) exist. – Turing85 Sep 17 '22 at 11:02
-
The linked question notes that, on the one hand, you can have an RBAC policy that forbids reading Secret objects, but on the other, you can usually create a Pod that mounts them or exec into a running Pod that has them. – David Maze Sep 17 '22 at 21:42