The resource provides mechanisms to inject containers with sensitive information, such as passwords, while keeping containers agnostic of Kubernetes. Secrets can be used to store sensitive information either as individual properties or coarse-grained entries like entire files or JSON blobs. The resource will by default create a secret which is available to any pod in the specified (or default) namespace.
data "kubernetes_secret" "example" {
metadata {
name = "basic-auth"
}
}
The following arguments are supported:
metadata
- (Required) Standard secret's metadata. For more info see Kubernetes referencemetadata
name
- (Required) Name of the secret, must be unique. For more info see Kubernetes referencenamespace
- (Optional) Namespace defines the space within which name of the secret must be unique.generation
- A sequence number representing a specific generation of the desired state.resource_version
- An opaque value that represents the internal version of this secret that can be used by clients to determine when secret has changed. For more info see Kubernetes referenceuid
- The unique in time and space value for this secret. For more info see Kubernetes referencedata
- A map of the secret data.binary_data
- A map of the secret data with values encoded in base64 format.data "kubernetes_secret" "example" {
metadata {
name = "example-secret"
namespace = "kube-system"
}
binary_data = {
"keystore.p12" = ""
another_field = ""
}
}
type
- The secret type. Defaults to Opaque
. For more info see Kubernetes referenceimmutable
- Ensures that data stored in the Secret cannot be updated (only object metadata can be modified).