This topic describes how to use a Secret in a pod.
Prerequisites
- The Secret and pod are in the same cluster of Container Service for Kubernetes (ACK)
and belong to the same namespace.
- You are connected to a master node of the cluster. For more information, see Use kubectl to connect to an ACK cluster.
Background information
You can use a Secret in a pod in the following scenarios:
- Mount a Secret as a volume to a pod.
- Use a Secret to configure environment variables for a pod.
For more information, see Secrets.
Create a Secret
In this example, a Secret named secret-test is created.
- Log on to the ACK console.
- In the left-side navigation pane, click Clusters.
- On the Clusters page, click the name of a cluster or click Details in the Actions column. The details page of the cluster appears.
- In the left-side navigation pane, click Workload.
- In the upper-right corner of the Deployments tab, click Create from Template.
- Select a cluster and a namespace, select a sample template or enter a custom template,
and then click Create.
The following YAML template is an example:
apiVersion: v1
kind: Secret
metadata:
name: secret-test
type: Opaque
data:
username: admin
password: 12345 # The value must be encoded in Base64.
For more information about how to create a Secret in the ACK console, see Create a Secret.
Mount a Secret as a volume to a pod
You can mount a Secret as a volume to a pod by using the following methods:
You can use a YAML file to mount a Secret as a volume to a pod. A mounted Secret can
be used as a file in a pod. In this example, the username and password information
of secret-test is stored in a file under the /srt directory.
- Create a file named example0.yaml and paste the following content into the file:
apiVersion: v1
kind: Pod
metadata:
name: pod0
spec:
containers:
- name: redis
image: redis
volumeMounts:
- name: srt
mountPath: "/srt "
readOnly: true
volumes:
- name: srt
secret:
secretName: secret-test
- Run the following command to execute the file:
kubectl apply -f example0.yaml
Note Replace example0.yaml with the name of the YAML file that is used.
You can also mount a Secret as a volume to a pod in the Container Service for Kubernetes
(ACK) console.
- In the left-side navigation pane, click Clusters.
- On the Clusters page, click the name of a cluster or click Details in the Actions column. The details page of the cluster appears.
- In the left-side navigation pane, click Workload.
- In the upper-right corner of the Deployments tab, click Create from Image.
- On the Basic Information wizard page, set the parameters based on your requirements and click Next.
- On the Container wizard page, click Add Local Storage in the Volume section. In this example, select Secret from the PV Type drop-down list, select the Secret that is created in Create a Secret from the Mount Source drop-down list, and specify a container path to mount the volume.
The following figure shows the configuration of the volume.

- On the Advanced wizard page, set the parameters based on your requirements and click Create.
Use a Secret to configure environment variables for a pod.
You can use a Secret to configure environment variables for a pod in the following
ways:
You can use a YAML file to configure environment variables for a pod. In this example,
the username and password information of secret-test is configured as environment
variables of a pod.
- Create a YAML file named example1.yaml and paste the following content into the file.
apiVersion: v1
kind: Pod
metadata:
name: pod1
spec:
containers:
- name: redis
image: redis
env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: secret-test
key: username
- name: PASSWORD
valueFrom:
secretKeyRef:
name: secret-test
key: password
- Run the following command to configure the environment variables:
kubectl apply -f example1.yaml
Note Replace example1.yaml with the name of the YAML file that is used.
You can also use a Secret to configure environment variables for a pod in the ACK
console.
- In the left-side navigation pane, click Clusters.
- On the Clusters page, click the name of a cluster or click Details in the Actions column. The details page of the cluster appears.
- In the left-side navigation pane, click Workload.
- In the upper-right corner of the Deployments tab, click Create from Image.
- On the Basic Information wizard page, set the parameters based on your requirements and click Next.
- On the Container wizard page, click
in the Environments section. In this example, select Secret from the Type drop-down list and select the Secret that is created in Create a Secret from the Value/ValueFrom drop-down list. After you select the Secret, you must specify the key of the key-value
pair that you want to reference and also specify a name for the environment variable.
The following figure shows the configurations.

- On the Advanced wizard page, set the parameters based on your requirements and click Create.