The `Secret` resource enables users to store sensitive data.
Sensitive information is anything a user considers non-public, e.g.:
- TLS keys
Kuma uses `Secret` resources internally for certain operations,
for example to store auto-generated certificates and keys when Mutual TLS is enabled.
The `data` field of a Kuma `Secret` is a Base64-encoded value.
Use the `base64` command on Linux or macOS to encode any value in Base64:
```sh
# Base64 encode a file
cat cert.pem | base64

# or Base64 encode a string
# (printf avoids the trailing newline that echo would add to the encoded value)
printf '%s' "value" | base64
```
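The following added example (not part of the Kuma documentation) encodes a file as a single Base64 line and verifies that it decodes back to the same bytes before printing a Secret. The function names, the `sample-secret` name and the `type`/`mesh`/`name`/`data` YAML layout are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the Kuma docs): encode a file for a Secret's data field.

# Base64-encode stdin as ONE line. GNU base64 wraps output at 76 columns by
# default, which would break a single-line YAML value; stripping newlines
# gives the same output on Linux and macOS.
b64_oneline() {
  base64 | tr -d '\n'
}

# render_secret NAME MESH FILE
# Prints a mesh-scoped Secret. The type/mesh/name/data layout is an assumption
# (universal-mode YAML); the page itself only states that data is Base64.
render_secret() {
  name=$1; mesh=$2; file=$3
  [ -r "$file" ] || { echo "cannot read: $file" >&2; return 1; }
  data=$(b64_oneline < "$file") || return 1
  # Round-trip check: the decoded value must be byte-identical to the input,
  # so a stray newline or a truncated read is caught before the Secret is used.
  printf '%s' "$data" | base64 --decode | cmp -s - "$file" \
    || { echo "round-trip mismatch: $file" >&2; return 1; }
  printf 'type: Secret\nmesh: %s\nname: %s\ndata: %s\n' "$mesh" "$name" "$data"
}

# Demo on constructed input (a fake 200-byte "key", not real key material).
demo() {
  tmp=$(mktemp) || return 1
  i=0
  while [ "$i" -lt 20 ]; do printf '0123456789'; i=$((i + 1)); done > "$tmp"
  render_secret sample-secret default "$tmp"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

demo
```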
# Access to the Secret HTTP API
The `Secret` API requires authentication. Consult Accessing Admin Server from a different machine for how to configure remote access.
# Scope of the Secret
Kuma provides two types of Secrets.
# Mesh-scoped Secrets
# Global-scoped Secrets
Global-scoped Secrets are not bound to a given Mesh and cannot be used in Mesh Policies.
Global-scoped Secrets are used for internal purposes.
You can manage them just like the regular secrets using
Here is an example of how you can use a Kuma `Secret` with a provided Mutual TLS backend.
The examples below assume that the `Secret` object has already been created.