Kubefeeds
Kubefeeds Team A dedicated and highly skilled team at Kubefeeds, driven by a passion for Kubernetes and Cloud-Native technologies, delivering innovative solutions with expertise and enthusiasm.

Securing Configurations: Managing ConfigMaps and Secrets in Kubernetes

1 min read

In Kubernetes, separating configuration from code is essential for creating flexible, secure applications. This post dives into two key resources: ConfigMaps and Secrets. Learn how to manage your configuration data effectively while ensuring sensitive information remains secure.

What Are ConfigMaps and Secrets?

  • ConfigMaps: Store non-sensitive configuration data in key-value pairs. They allow you to decouple configuration artifacts from image content.
  • Secrets: Similar to ConfigMaps but designed to store confidential data such as passwords, tokens, and keys. They are encoded and can be managed with additional security controls.

Creating and Using a ConfigMap

Let’s start with a ConfigMap that holds application settings: 

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_MODE: "production"
  LOG_LEVEL: "info"

You can mount this ConfigMap as environment variables or as a file in a Pod. For example, to set environment variables: 

env:
- name: APP_MODE
  valueFrom:
    configMapKeyRef:
      name: app-config
      key: APP_MODE

Handling Secrets Securely

Secrets should be managed with care. Here’s how to create a Secret: 

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: bXl1c2Vy   # base64 encoded value for 'myuser'
  password: c2VjcmV0   # base64 encoded value for 'secret'

Remember to decode and handle these values securely in your applications.

Best Practices for ConfigMaps and Secrets

  • Separation of Concerns: Keep non-sensitive data in ConfigMaps and only use Secrets for sensitive information.

  • Version Control: Avoid storing sensitive data in version-controlled files.

  • Encryption: Consider encrypting Secrets at rest and use Kubernetes RBAC policies to control access.

  • Environment Specifics: Use different ConfigMaps and Secrets for development, staging, and production environments.

Conclusion

Using ConfigMaps and Secrets properly enhances both the security and flexibility of your Kubernetes deployments. By separating configuration from code, you can change settings on the fly without redeploying your application—and keep sensitive information safe.

Have you encountered any challenges with configuration management in Kubernetes? Let’s discuss your tips and tricks in the comments!

Kubefeeds Team A dedicated and highly skilled team at Kubefeeds, driven by a passion for Kubernetes and Cloud-Native technologies, delivering innovative solutions with expertise and enthusiasm.
«
»

Cloudflare for AI Helps Businesses Safely Use AI

Kubefeeds Team
Mar 19, 2025 1 min read

Choosing the Right Red Hat AI Solution: RHEL AI…

Kubefeeds Team
Mar 19, 2025 4 min read

Envoy Sidecar Proxy: Mastering Traffic Control, Observability, and Autoscaling…

Kubefeeds Team
Mar 19, 2025 2 min read