OpenShift Secrets Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
(Created page with "=External= * https://docs.openshift.com/container-platform/latest/rest_api/api/v1.Secret.html#operations =Internal= * OpenShift Security Operations ==List Secrets==...")
 
 
(2 intermediate revisions by the same user not shown)
Line 5: Line 5:
=Internal=
=Internal=


* [[OpenShift Security Operations]]
* [[OpenShift_Security_Operations#Secrets_Operations|OpenShift Security Operations]]
* [[OpenShift_Secrets_Concepts|Secrets Concepts]]


=Overview=


==List Secrets==
=List Secrets=


List all [[OpenShift_Security_Concepts#Secret|secrets]]:
List all [[OpenShift_Security_Concepts#Secret|secrets]]:
Line 14: Line 16:
  oc get secrets
  oc get secrets


==Create a Secret==
=Create a Secret=


  echo "..." > ./some-data.txt
  echo "..." > ./some-data.txt
Line 33: Line 35:
Secrets can be combined.
Secrets can be combined.


==Link the Secret to a Service Account==
=Link the Secret to a Service Account=


  oc secrets link <''service-account-name''> <''secret-name''>
  oc secrets link <''service-account-name''> <''secret-name''>
Line 39: Line 41:
More service account operations, below [[#Service_Account_Operations|Service Account Operations]].
More service account operations, below [[#Service_Account_Operations|Service Account Operations]].


==Extract Data from a Secret==
=Extract Data from a Secret=


Extract data from a given secret:
Extract data from a given secret:
Line 46: Line 48:
  oc extract secret/logging-kibana-proxy [--keys=oauth-secret] --confirm
  oc extract secret/logging-kibana-proxy [--keys=oauth-secret] --confirm


==Expose as Environment Variable==
=Expose as Environment Variable=


  oc env <''target-object''> --from=secret/<''secret-name''> --prefix=DB_
  oc env <''target-object''> --from=secret/<''secret-name''> --prefix=DB_


==Expose as a Mounted Volume==
=Expose as a Mounted Volume=


  oc set volume <''target-object''> --add --overwrite --name=<''some-name''> --mount-path /some-path --secret-name=<''secret-name''>
  oc set volume <''target-object''> --add --overwrite --name=<''some-name''> --mount-path /some-path --secret-name=<''secret-name''>

Latest revision as of 18:10, 30 January 2018

External

Internal

Overview

List Secrets

List all secrets: 

oc get secrets

Create a Secret

echo "..." > ./some-data.txt
oc secret new some-secret key_1=some-data.txt

.gitconfig File-Based

oc secret new <secret-name> .gitconfig=path/to/.gitconfig

Basic Authentication

oc secrets new-basicauth <secret-name> --username=<user-name> --password=<password>

SSK Key

oc secrets new-sshauth <secret-name> --ssh-privatekey=$HOME/.ssh/id_rsa

Secrets can be combined.

Link the Secret to a Service Account

oc secrets link <service-account-name> <secret-name>

More service account operations, below Service Account Operations.

Extract Data from a Secret

Extract data from a given secret: 

cd ~/tmp
oc extract secret/logging-kibana-proxy [--keys=oauth-secret] --confirm

Expose as Environment Variable

oc env <target-object> --from=secret/<secret-name> --prefix=DB_

Expose as a Mounted Volume

oc set volume <target-object> --add --overwrite --name=<some-name> --mount-path /some-path --secret-name=<secret-name>
Retrieved from "https://kb.novaordis.com/index.php?title=OpenShift_Secrets_Operations&oldid=37207"