Manage Sensitive Config Data with Kubernetes Secrets

30 minutes
  • 2 Learning Objectives

About this Hands-on Lab

Kubernetes Secrets are a great way to store sensitive configuration data without keeping it in plain text. This lab will provide some practice in working with Secrets and passing sensitive data to containers at runtime.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Retrieve the Old Database Password from the Existing Secret

The existing Secret db-pass is in the users namespace. Retrieve the password and save it in a file located at /home/cloud_user/dbpass.txt.

Change the Secret To Use the New Password

Change the password stored in the db-pass Secret to the new password. The new password is TrustNo1.

You will need to re-create the Pod for the changes to take effect. The Pod is in the users namespace and is called users-api. You can find a manifest for this Pod in /home/cloud_user/users-api.yml.

Additional Resources

Your company, SecuriCorp, is using Kubernetes to run some microservice applications. One of these services provides user data, which it accesses from a backend database.

In order to access the database, the microservice uses a database password. You have received a notification from an ethical hacker through your bug bounty program that this database password was leaked by being accidentally committed to a source code repository.

Your developers have asked for a copy of the old password so that they can perform a search on the source repository and determine exactly how the leak occurred.

Another team member is changing the database password. You will need to provide the new password to the microservice.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?