Sensitive information storage in Kubernetes using Cloud Code for IntelliJ

This page provides a quick introduction to what Kubernetes secrets are, and how Cloud Code helps enable the Secret Manager API to create, use, and store them.

Introduction to Kubernetes secrets

When creating Kubernetes applications, it's often necessary to pass small amounts of sensitive data for passwords, SSH keys, or OAuth tokens. Rather than store this information in a pod specification or container image, Kubernetes secrets can be created to store the sensitive data.

By default, Kubernetes secrets are stored unencrypted in the API server's underlying data store. Anyone with API access can retrieve or modify a secret. The Kubernetes Secrets documentation recommends taking at least the following steps in order to safely use Kubernetes secrets:

Secret Manager in Cloud Code

Cloud Code helps you use the Secret Manager API to create, version, and store your secrets with encryption at rest from within your IDE. You can use Secret Manager exclusively in Cloud Code, or in addition to other tools you already use for secret management.

Actions available within your IDE with Cloud Code include:

Work with Kubernetes secrets in Cloud Code

For step-by-step instructions on creating, versioning, using, and deleting secrets in Cloud Code, see Manage secrets.

What's next

Get support

To submit feedback or report an issue in your IntelliJ IDE, go to Tools > Cloud Code > Help / About > Submit feedback or report an issue to report an issue on GitHub, or ask a question on Stack Overflow.