Secrets Compared to ConfigMaps

Compare Kubernetes Secrets and ConfigMaps.

Similarities

So far, Kubernetes Secrets do not seem to differ from ConfigMaps. From a functional perspective, they are the same.

  • Both allow us to inject some content. Both can use files, literal values, and files with environment variables as data sources.
  • Both can output data into containers as files or as environment variables.
  • Even the syntax for using Secrets is almost the same as the one used for ConfigMaps.

Differences

Note: The only significant difference between ConfigMaps and Secrets is that files for the latter are created in tmpfs (temporary file storage).

Secrets are constructed as in-memory files and so leave no trace on the host’s file system. That alone is not enough to call Secrets secure, but it is a step in the right direction. We’d need to combine Secrets with “Authorization Policies” to secure the passwords, keys, tokens, and other types of data that should not be publicly accessible. Even then, we might want to turn our attention toward third-party Secret managers like HashiCorp Vault.
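The tmpfs behaviour described above can be checked from inside a running container by reading the mount table. The script below is an added example, not part of the original lesson; the mount paths /etc/secrets and /etc/config and the sample mount table are constructed assumptions.

```shell
#!/bin/sh
# Added example: confirm from inside a container which volumes are memory-backed.
# Mount paths /etc/secrets and /etc/config are assumed, not taken from the page.

# fstype_of PATH [MOUNTS_FILE]
# Print the filesystem type of the mount that covers PATH (longest matching
# mount point; on ties the later entry wins, as it shadows the earlier one).
fstype_of() {
    awk -v p="$1" '
        {
            mp = $2
            if (p == mp || mp == "/" || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { if (fs == "") exit 1; print fs }
    ' "${2:-/proc/mounts}"
}

# is_memory_backed PATH [MOUNTS_FILE]
# Succeeds only when PATH sits on tmpfs, i.e. its files never touch node disk.
is_memory_backed() {
    [ "$(fstype_of "$1" "${2:-/proc/mounts}")" = "tmpfs" ]
}

# Constructed mount table resembling what a pod with one ConfigMap volume and
# one Secret volume would show in /proc/mounts.
sample_mounts() {
    cat <<'EOF'
overlay / overlay rw,relatime 0 0
/dev/sda1 /etc/config ext4 ro,relatime 0 0
tmpfs /etc/secrets tmpfs ro,relatime 0 0
EOF
}

# Inside a real container: sh check.sh /etc/secrets /etc/config
for path in "$@"; do
    if is_memory_backed "$path"; then
        echo "$path: tmpfs (in memory)"
    else
        echo "$path: $(fstype_of "$path") (on node storage)"
    fi
done
```

Parsing /proc/mounts directly keeps the check usable in minimal images that ship without findmnt.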

Conclusion

Secrets are almost the same as ConfigMaps. The main difference is that the secret files are created in tmpfs. Kubernetes Secrets alone do not make your system secure. They are only one step towards a secure system.
