codingstuff.io
ExploreTutorialsProblemsCS Subjects
Get Started
ExploreTutorialsProblemsCS Subjects
Get Started
codingstuff.io

Master the art of building software through interactive tutorials, real-world problems, and guided projects.

Pune, Maharashtra, India

codingstuffmail@gmail.com

Product

  • Explore
  • Tutorials
  • Problems
  • CS Subjects

Company

  • About
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Sitemap

© 2026 codingstuff.io. All rights reserved.

Built with ❤️ for developers everywhere

/
/
All Tutorials
🍃

Spring Boot

51 / 62 topics
47Kubernetes Basics for Spring Boot Applications48Creating a Kubernetes Deployment49Using Kubernetes Services50Using ConfigMaps in Kubernetes51Using Secrets in Kubernetes
Tutorials/Spring Boot/Using Secrets in Kubernetes
🍃Spring Boot

Using Secrets in Kubernetes

Updated 2026-04-20
3 min read

Introduction

In modern cloud-native applications, managing sensitive information such as API keys, passwords, and certificates is crucial for security and compliance. Kubernetes provides a robust mechanism to manage these secrets securely. This tutorial will guide you through using secrets in Kubernetes with a focus on Spring Boot applications.

Prerequisites

Before diving into the implementation, ensure you have the following:

  • A running Kubernetes cluster.
  • kubectl installed and configured to interact with your cluster.
  • Basic understanding of Docker and Spring Boot.
  • Access to a code editor or IDE.

Understanding Secrets in Kubernetes

Kubernetes secrets are objects that contain sensitive information such as passwords, OAuth tokens, SSH keys, etc. These secrets can be used by pods to access external systems securely. There are two types of secrets:

  1. Opaque Secrets: Base64-encoded data.
  2. TLS Secrets: Used for storing TLS certificates and keys.

Creating a Secret

Step 1: Create a Secret Manually

You can create a secret manually using kubectl. For example, to create an opaque secret containing a username and password:

kubectl create secret generic my-secret --from-literal=username=myuser --from-literal=password=mypassword

This command creates a secret named my-secret with two key-value pairs: username and password.

Step 2: Create a Secret from a File

If you have sensitive data in a file, you can create a secret from that file:

kubectl create secret generic my-file-secret --from-file=path/to/your/file.txt

This command creates a secret named my-file-secret with the content of file.txt.

Using Secrets in Spring Boot

To use secrets in your Spring Boot application, you need to mount them as environment variables or files inside the pod.

Step 1: Mount Secrets as Environment Variables

You can mount secrets as environment variables by defining them in your deployment YAML file:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-spring-boot-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-spring-boot-app
  template:
    metadata:
      labels:
        app: my-spring-boot-app
    spec:
      containers:
      - name: my-spring-boot-container
        image: my-spring-boot-image
        env:
        - name: USERNAME
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: username
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password

In this example, the USERNAME and PASSWORD environment variables are set to the values from the my-secret secret.

Step 2: Mount Secrets as Files

You can also mount secrets as files:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-spring-boot-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-spring-boot-app
  template:
    metadata:
      labels:
        app: my-spring-boot-app
    spec:
      containers:
      - name: my-spring-boot-container
        image: my-spring-boot-image
        volumeMounts:
        - name: secret-volume
          mountPath: /etc/secret
      volumes:
      - name: secret-volume
        secret:
          secretName: my-file-secret

In this example, the content of my-file-secret is mounted at /etc/secret/file.txt.

Accessing Secrets in Spring Boot

Once the secrets are mounted as environment variables or files, you can access them in your Spring Boot application.

Step 1: Access Environment Variables

You can inject environment variables into your Spring Boot application using the @Value annotation:

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class SecretConfig {

    @Value("${USERNAME}")
    private String username;

    @Value("${PASSWORD}")
    private String password;

    public void printSecrets() {
        System.out.println("Username: " + username);
        System.out.println("Password: " + password);
    }
}

Step 2: Access Files

If you mounted secrets as files, you can read them using standard Java I/O operations:

import org.springframework.stereotype.Component;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;

@Component
public class SecretFileReader {

    public void readFile() {
        try {
            String content = new String(Files.readAllBytes(Paths.get("/etc/secret/file.txt")));
            System.out.println("File Content: " + content);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

Best Practices

  1. Avoid Hardcoding Secrets: Never hardcode secrets in your source code or configuration files.
  2. Use Environment Variables: Prefer using environment variables over file mounts for simplicity and security.
  3. Rotate Secrets Regularly: Regularly rotate your secrets to minimize the risk of exposure.
  4. Limit Secret Access: Use RBAC (Role-Based Access Control) to limit who can access specific secrets.

Conclusion

Using secrets in Kubernetes is a critical aspect of securing your applications. By following this guide, you should have a solid understanding of how to create and use secrets in your Spring Boot applications running on Kubernetes. Always prioritize security best practices to protect sensitive data.


PreviousUsing ConfigMaps in KubernetesNext Best Practices for Spring Boot Development

Recommended Gear

Using ConfigMaps in KubernetesBest Practices for Spring Boot Development