All Products
Search

This Product

    Enterprise Distributed Application Service:Manage Secrets

    Document Center

    Enterprise Distributed Application Service:Manage Secrets

    Last Updated:Mar 11, 2026

    Kubernetes applications often need passwords, API keys, and TLS certificates, but hardcoding these values in images or configuration files creates security and maintenance risks. Secrets in Enterprise Distributed Application Service (EDAS) let you store sensitive data separately. Secrets can be passed to containers when you create or deploy applications.

    Important

    Modifying a Secret does not automatically update running applications. Redeploy each application that uses the Secret for changes to take effect.

    Use cases

    Use caseDescription
    Environment variablesInject Secret values as environment variables into containers. For more information, see Configure environment variables.
    Volume mountsMount Secret data as files in container directories. For more information, see Configure mount directories.
    Ingress TLSStore HTTPS certificate and private key in a Secret and reference it in an Ingress to terminate TLS. For more information, see Create an NGINX Ingress for an application.

    Prerequisites

    Before you begin, make sure that you have:

    Create a Secret

    1. Log on to the EDAS console.

    2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations > Secrets.

    3. In the top navigation bar, select a region.

    4. On the Secrets page, click Create Secrets.

    5. In the Create Secrets panel, configure the following parameters, and then click Yes.

    Create Secrets panel
    ParameterDescription
    Secret dictionary nameA unique name for the Secret. Use lowercase letters, digits, and hyphens (-). The name must start with a letter and cannot end with a hyphen.
    Cluster nameThe Kubernetes cluster where the Secret is created. Select a cluster from the drop-down list.
    K8s namespaceThe Kubernetes namespace that scopes the Secret. Valid values:
    • default -- The default namespace, used when no namespace is specified for an object.
    • kube-system -- Reserved for objects created by the Kubernetes system.
    • kube-public -- Automatically created and readable by all users, including unauthenticated users.
    TypeThe Secret type. Valid values:
    • Opaque -- Stores arbitrary key-value data. See Opaque parameters.
    • TLS certificate -- Stores a Transport Layer Security (TLS) certificate and private key, typically used for Ingress TLS termination. See TLS certificate parameters.

    Opaque parameters

    When Type is set to Opaque, configure key-value pairs for the Secret:

    1. Click Add to add a mapping entry.

    2. Set the Key and Value for each entry.

      • Key: Supports letters, digits, hyphens (-), underscores (_), and periods (.).

      • Value: The sensitive data associated with the key.

    To import key-value pairs from a file, click Import Configuration and select a local file. Supported formats: JSON, YAML, or .properties. Maximum file size: 1,024 KB.

    Note To store binary data, select the Base64 encoded data check box before entering values. When this option is selected, enter Base64-encoded data directly. EDAS does not re-encode the data.

    TLS certificate parameters

    When Type is set to TLS certificate, provide the certificate and private key using one of the following methods:

    • Manual entry -- Set Cert to the public key and Key to the private key.

    • Self-signed certificate -- Click Create a self-signed certificate and configure the following fields:

      • Domain

      • The key length

      • Certificate start time

      • Certificate expiration time

    View Secret details

    1. Log on to the EDAS console.

    2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations > Secrets.

    3. In the top navigation bar, select a region.

    4. Find the target Secret and click Details.

      You can search for the required Secret by Secret dictionary name, Cluster name, Cluster ID, or K8sNamespace.

    5. On the details page, review the basic information and key-value pair data. For TLS certificate Secrets, the page also displays the associated domain name, certificate status, and certificate issuer.

    Modify a Secret

    1. Log on to the EDAS console.

    2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations > Secrets.

    3. In the top navigation bar, select a region.

    4. Find the target Secret and click Edit.

      You can search for the required Secret by Secret dictionary name, Cluster name, Cluster ID, or K8sNamespace.

    5. In the editing panel, update the keys and values as needed, and then click Yes.

    Important

    If the Secret is used by an application, redeploy the application after saving your changes. Updated Secret values do not take effect until redeployment.

    View associated Ingresses

    1. Log on to the EDAS console.

    2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations > Secrets.

    3. In the top navigation bar, select a region.

    4. Find the target Secret and click View associated apps.

      You can search for the required Secret by Secret dictionary name, Cluster name, Cluster ID, or K8sNamespace.

    5. On the page that appears, view the Ingresses associated with the Secret. Click an Ingress name to view its details.

    Delete a Secret

    1. Log on to the EDAS console.

    2. In the left-side navigation pane, choose Configuration Management > Kubernetes Configurations > Secrets.

    3. In the top navigation bar, select a region.

    4. Find the target Secret and click Delete.

      You can search for the required Secret by Secret dictionary name, Cluster name, Cluster ID, or K8sNamespace.

    5. In the confirmation dialog, click Yes.

    Important

    If the Secret is in use by an application, disassociate the Secret from the application before deleting it.