Kubernetes Secrets vs ConfigMaps

We have been using Kubernetes Secrets so far. Now we have ConfigMaps as well.

What is the preferred way forward - secrets or config maps?

P.S. After a few iterations we have stabilised at the following rule:

  • configMaps are per solution domain (can be shared across microservices within the domain, but ultimately are single purpose config entries)

  • secrets are shared across solution domains, usually represent third party systems or databases


Solution 1:

I'm the author of both of these features. The idea is that you should:

  1. Use Secrets for things which are actually secret, like API keys, credentials, etc.
  2. Use ConfigMaps for non-secret configuration data.

In the future, there will likely be some differentiators for secrets like rotation or support for backing the secret API w/ HSMs, etc. In general, we like intent-based APIs, and the intent is definitely different for secret data vs. plain old configs.

Hope that helps.
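The split described in Solution 1, as an added example that is not part of the original answer: a ConfigMap for the non-secret settings, a Secret holding only the credentials, and a Pod that consumes both. All object names, hostnames, the image reference and the password value are constructed placeholders.

```yaml
# Added example (not from the original answer). Names and values are constructed.
# ConfigMap: non-secret configuration, safe to read, diff and keep in source control.
apiVersion: v1
kind: ConfigMap
metadata:
  name: orders-config              # hypothetical name
data:
  LOG_LEVEL: "info"
  DB_HOST: "orders-db.internal"    # a hostname is configuration, not a credential
  DB_PORT: "5432"
---
# Secret: credentials only. Values given under stringData are stored base64-encoded
# under .data by the API server (encoding, not encryption).
apiVersion: v1
kind: Secret
metadata:
  name: orders-db-credentials      # hypothetical name
type: Opaque
stringData:
  DB_USER: "orders"
  DB_PASSWORD: "CONSTRUCTED-PLACEHOLDER-PASSWORD"
---
# Pod: pulls all config keys in as environment variables, the username from the
# Secret as one environment variable, and the password as a read-only file.
apiVersion: v1
kind: Pod
metadata:
  name: orders-api                 # hypothetical name
spec:
  containers:
    - name: api
      image: example.invalid/orders-api:1.0   # placeholder image reference
      envFrom:
        - configMapRef:
            name: orders-config
      env:
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: orders-db-credentials
              key: DB_USER
      volumeMounts:
        - name: db-password
          mountPath: /var/run/secrets/db
          readOnly: true
  volumes:
    - name: db-password
      secret:
        secretName: orders-db-credentials
        items:
          - key: DB_PASSWORD
            path: password         # read by the app as /var/run/secrets/db/password
        defaultMode: 0400
```

Keeping the two kinds apart is what makes the intent-based split useful in practice: RBAC rules are written per resource, so a role can be allowed to get or list configmaps in a namespace without being allowed to read secrets, and a ConfigMap can be committed to a repository while the Secret is managed separately. Mounting the password as a file rather than an environment variable keeps it out of process environment listings and lets the application re-read it when the Secret is updated, since the kubelet refreshes mounted Secret volumes.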

Solution 2:

One notable difference in the implementation is that with kubectl apply -f:

  • ConfigMaps are "unchanged" if the data hasn't changed.
  • Secrets are always "configured" - even if the file hasn't changed.