Secrets Compared to ConfigMaps

Compare Kubernetes Secrets and ConfigMaps.

We'll cover the following


So far, Kubernetes Secrets do not seem to differ from ConfigMaps. From a functional perspective, they are the same.

  • Both allow us to inject some content. Both can use files, literal values, and files with environment variables as data sources.
  • Both can output data into containers as files or as environment variables.
  • Even the syntax for using Secrets is almost the same as the one used for ConfigMaps.


Note: The only significant difference between ConfigMaps and Secrets is that the latter creates files in tmpfs (temporary file storage).

Secrets are constructed as in-memory files and so leave no trace on the host’s file system. That alone is not enough to call Secrets secure, but it is a step in the right direction. We’d need to combine Secrets with “Authorization Policies” to make the passwords, keys, tokens, and other types of data secure that should not be accessible publicly. Even then, we might want to turn our attention toward third-party Secret managers like HashiCorp Vault.


Secrets are almost the same as ConfigMaps. The main difference is that the secret files are created in tmpfs. Kubernetes Secrets alone do not make your system secure. They are only one step towards a secure system.

Get hands-on with 1200+ tech skills courses.