github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/website/source/docs/providers/kubernetes/r/secret.html.markdown (about) 1 --- 2 layout: "kubernetes" 3 page_title: "Kubernetes: kubernetes_secret" 4 sidebar_current: "docs-kubernetes-resource-secret" 5 description: |- 6 The resource provides mechanisms to inject containers with sensitive information while keeping containers agnostic of Kubernetes. 7 --- 8 9 # kubernetes_secret 10 11 The resource provides mechanisms to inject containers with sensitive information, such as passwords, while keeping containers agnostic of Kubernetes. 12 Secrets can be used to store sensitive information either as individual properties or coarse-grained entries like entire files or JSON blobs. 13 The resource will by default create a secret which is available to any pod in the specified (or default) namespace. 14 15 ~> Read more about security properties and risks involved with using Kubernetes secrets: https://kubernetes.io/docs/user-guide/secrets/#security-properties 16 17 ~> **Note:** All arguments including the secret data will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). 18 19 ## Example Usage 20 21 ```hcl 22 resource "kubernetes_secret" "example" { 23 metadata { 24 name = "basic-auth" 25 } 26 27 data { 28 username = "admin" 29 password = "P4ssw0rd" 30 } 31 32 type = "kubernetes.io/basic-auth" 33 } 34 ``` 35 36 ## Example Usage (Docker config) 37 38 ```hcl 39 resource "kubernetes_secret" "example" { 40 metadata { 41 name = "docker-cfg" 42 } 43 44 data { 45 ".dockercfg" = "${file("${path.module}/.docker/config.json")}" 46 } 47 48 type = "kubernetes.io/dockercfg" 49 } 50 ``` 51 52 ## Argument Reference 53 54 The following arguments are supported: 55 56 * `data` - (Optional) A map of the secret data. 57 * `metadata` - (Required) Standard secret's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata 58 * `type` - (Optional) The secret type. Defaults to `Opaque`. More info: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/secrets.md#proposed-design 59 60 ## Nested Blocks 61 62 ### `metadata` 63 64 #### Arguments 65 66 * `annotations` - (Optional) An unstructured key value map stored with the secret that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations 67 * `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#idempotency 68 * `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the secret. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels 69 * `name` - (Optional) Name of the secret, must be unique. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names 70 * `namespace` - (Optional) Namespace defines the space within which name of the secret must be unique. 71 72 #### Attributes 73 74 * `generation` - A sequence number representing a specific generation of the desired state. 75 * `resource_version` - An opaque value that represents the internal version of this secret that can be used by clients to determine when secret has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#concurrency-control-and-consistency 76 * `self_link` - A URL representing this secret. 77 * `uid` - The unique in time and space value for this secret. More info: http://kubernetes.io/docs/user-guide/identifiers#uids 78 79 ## Import 80 81 Secret can be imported using its name, e.g. 82 83 ``` 84 $ terraform import kubernetes_secret.example my-secret 85 ```