Compare Kubernetes Secrets versus environment variables for Pod credentials
Tests Kubernetes credential threat model across etcd and Git. Plain env vars leak into manifests and process lists; Secrets enable RBAC but are base64 by default and visible to nodes and authorized readers. Red flag: claiming Secrets are encrypted by default.
Tests your understanding of the Kubernetes credential threat model across version control, API server, etcd, and node filesystem. A strong answer contrasts plain environment variables, which embed secrets in manifests and process listings, with Kubernetes Secrets, which decouple data and support RBAC but are base64 at rest unless etcd encryption is configured and remain visible to the kubelet and any user with Secret read access.
Read the original → kubernetes.io
- #kubernetes
- #secrets
- #security
- #etcd
- #rbac
Get five bites like this every day.
Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.