Secrets let you store sensitive data—passwords, tokens, and certificates—separately from your application code and container images. This topic describes how to create, view, edit, and delete secrets in an Alibaba Cloud Container Compute Service (ACS) cluster.
Prerequisites
Before you begin, ensure that you have:
An ACS cluster. For more information, see Create an ACS cluster.
Secret types
Secrets are classified into the following types:
| Secret type | Use when you need to store |
|---|---|
| Opaque | Arbitrary sensitive data: passwords, API keys, certificates |
| Private Repository Logon Secret | Credentials to pull images from a private image repository |
| TLS Certificate | A TLS certificate and private key pair |
In addition, Kubernetes automatically creates Service Account secrets and mounts them to the /run/secrets/kubernetes.io/serviceaccount directory of each pod. These are managed by Kubernetes and do not require manual creation.
In ACS, you can create secrets with a single click. This action automatically encodes plaintext data into the Base64 format. You can also create secrets from the command line instead. For more information, see Kubernetes Secret.
Do not delete or modify secrets that Kubernetes automatically creates in system namespaces such as kube-system. Doing so can destabilize the cluster.
Create a secret
Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, click the ID of the target cluster. In the left-side navigation pane, choose Configurations > Secrets.
On the Secrets page, select a Namespace, then click Create in the upper-left corner.
In the panel that appears, set Name and Type, then configure the type-specific parameters.
Opaque
To store passwords, API keys, or arbitrary sensitive data, set Type to Opaque.
| Parameter | Description |
|---|---|
| Name | A name for each key in the secret. Click Add to add multiple key-value pairs. |
| Value | The value for each key. |
| Encode Data Values Using Base64 | (Optional) Select this option to encode plaintext values into Base64 format automatically. |
Private Repository Logon Secret
To store credentials for pulling images from a private image repository, set Type to Private Repository Logon Secret.
| Parameter | Description |
|---|---|
| Docker Registry URL | The address of the image repository. |
| Username | The username for the image repository. |
| Password | The password for the image repository. |
TLS Certificate
To store a TLS certificate and private key, set Type to TLS Certificate.
| Parameter | Description |
|---|---|
| Certificates | The TLS certificate. |
| Key | The TLS private key. |
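The Secret manifests that correspond to the Opaque and Private Repository Logon Secret types, built in Python as an added example (not ACS or Kubernetes project code). It also shows that the Base64 step is an encoding, not encryption: anyone who can read the Secret recovers the plaintext. The mapping of Private Repository Logon Secret to the `kubernetes.io/dockerconfigjson` type, the function names, and all sample values are assumptions.

```python
import base64
import json


def _b64(text):
    # Kubernetes stores Secret "data" values as Base64 strings.
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def _manifest(name, namespace, secret_type, data):
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": secret_type,
        "data": {key: _b64(value) for key, value in data.items()},
    }


def opaque_secret(name, namespace, values):
    """Opaque type: arbitrary key/value pairs given as plaintext strings."""
    return _manifest(name, namespace, "Opaque", values)


def registry_secret(name, namespace, registry_url, username, password):
    """Image-pull credentials; assumed to map to kubernetes.io/dockerconfigjson."""
    config = {"auths": {registry_url: {
        "username": username,
        "password": password,
        "auth": _b64(f"{username}:{password}"),
    }}}
    # json.dumps escapes quotes and backslashes in the password correctly.
    return _manifest(name, namespace, "kubernetes.io/dockerconfigjson",
                     {".dockerconfigjson": json.dumps(config)})


def recover_plaintext(manifest):
    """Decode every value, as any principal with read access to the Secret can."""
    return {key: base64.b64decode(value).decode("utf-8")
            for key, value in manifest["data"].items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    secret = opaque_secret("db-credentials", "default", {"password": "hunter2"})
    print(json.dumps(secret, indent=2))  # JSON is accepted by `kubectl apply -f -`
    print(recover_plaintext(secret))
```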
View, edit, and delete secrets
After creating a secret, perform the following operations on the Secrets page.
View a secret
Click the name of a secret to see its basic information and configuration details. To display a value in plaintext, click the icon next to the value.
Edit a secret
Click Edit in the Actions column to modify the secret's configuration.
Delete a secret
Click Delete in the Actions column to remove a secret you no longer need.
Do not delete or modify secrets that Kubernetes automatically creates in system namespaces such as kube-system. Doing so can destabilize the cluster.
What's next
To use secrets in pods through volumes or environment variables, see Use secrets in pods.