Skip to main content
Version: Latest

Secrets

Secrets store sensitive data like passwords, tokens, or keys. They may contain one or more key value pairs.

note

This page is about secrets in general. For details on setting up a private registry, refer to the section on registries.

When configuring a workload, you'll be able to choose which secrets to include. Like config maps, secrets can be referenced by workloads as either an environment variable or a volume mount.

Mounted secrets will be updated automatically unless they are mounted as subpath volumes. For details on how updated secrets are propagated, refer to the Kubernetes documentation.

Creating Secrets in Namespaces

  1. In the upper left corner, click ☰ > Cluster Management.

  2. Go to the cluster where you want to add a secret and click Explore.

  3. To navigate to secrets, you may click either Storage > Secrets or More Resources > Core > Secrets.

  4. Click Create.

  5. Select the type of secret you want to create.

  6. Select a Namespace for the secret.

  7. Enter a Name for the secret.

    note

    Kubernetes classifies secrets, certificates, and registries all as secrets, and no two secrets in a namespace can have duplicate names. Therefore, to prevent conflicts, your secret must have a unique name among all secrets within your workspace.

  8. From Data, click Add to add a key-value pair. Add as many values as you need.

    tip

    You can add multiple key value pairs to the secret by copying and pasting.

  9. Click Save.

Result: Your secret is added to the namespace you chose. You can view the secret in the Rancher UI by clicking either Storage > Secrets or More Resources > Core > Secrets.

Mounted secrets will be updated automatically unless they are mounted as subpath volumes. For details on how updated secrets are propagated, refer to the Kubernetes documentation.

Creating Secrets in Projects

Before v2.6, secrets were required to be in a project scope. Projects are no longer required, and you may use the namespace scope instead. As a result, the Rancher UI was updated to reflect this new functionality. However, you may still create project-scoped secrets if desired. Note that you have to first enable the legacy feature flag and look at a single project to do so. Use the following steps to set up your project-level secret:

  1. In the upper left corner, click ☰ > Global Settings in the dropdown.
  2. Click Feature Flags.
  3. Go to the legacy feature flag and click Activate.
  4. In the upper left corner, click ☰ > Cluster Management in the dropdown.
  5. Go to the cluster that you created and click Explore.
  6. Click Legacy > Projects.
  7. In the top navigation bar, filter to see only one project.
  8. In the left navigation bar, click Secrets.
  9. Click Add Secret.

Result: Your secret is added to the individual project you chose. You can view the secret in the Rancher UI by clicking either Storage > Secrets or More Resources > Core > Secrets.

Since project-scoped secrets are set at the project level, any changes made at the namespace level will be overwritten.

note

Project-scoped secrets on the local cluster are only visible when a single project is selected.

What's Next?

Now that you have a secret added to a namespace, you can add it to a workload that you deploy.

For more information on adding secret to a workload, see Deploying Workloads.