This topic describes how to use the Container Service console to create a Secret.


A Kubernetes cluster is created. For more information, see Create an ACK cluster.

Background information

We recommend that you use Secrets for sensitive configurations in Kubernetes clusters, such as passwords and certificates.

Secrets have many types. For example:

  • Service Account: Automatically created by Kubernetes, which is used to access Kubernetes APIs and is automatically mounted to the pod directory /run/secrets/
  • Opaque: Secret in the base64 encoding format, which is used to store sensitive information such as passwords and certificates.

By default, you can only create secrets of the Opaque type in the Container Service console. Opaque data is of the map type, which requires the value to be in the base64 encoding format. Alibaba Cloud Container Service supports creating Secrets with one click and automatically encoding the clear data to base64 format.

You can also manually create Secrets by using command lines. For more information, see Kubernetes Secrets .


  1. Log on to the Container Service console.
  2. In the left-side navigation pane under Container Service-Kubernetes, choose Configuration > Secrets.
  3. Select the target cluster and namespace. Then, in the upper-right corner, click Create.
  4. Complete the configurations to create a Secret.
    Note To enter the clear data of the secret, select the Encode data values using Base64 check box.
    1. Name: Enter the Secret name, which must be 1–253 characters long, and can only contain lowercase letters, numbers, hyphens (-), and dots (.).
    2. Configure the Secret data. Click the add icon next to Name and enter the name and value of the Secret, namely, the key-value pair. In this example, the Secret contains two values: username:admin andpasswrod:1f2d1e2e67df.
    3. Click OK.
  5. The Secret page appears. You can view the created Secret in the Secret list.