- When we create secret,
oc describe secrethide them as:
$ oc describe secret mysecret ... Type: Opaque Data ==== password: 11 bytes username: 9 bytes
- However, when we try to
oc get secret -o yaml, it shows the value and it just encoded by base64. So, it easily to decode the secret data:
$ oc get secret mysecret -o yaml |grep password password: dmFsdWUtMg0KDQo= $ echo "dmFsdWUtMg0KDQo=" |base64 -d value-2
How can we encrypt it?
Our application security team wants to know if OpenShift stores the secrets encrypted at rest, or if not, if there are any ways we can implement that, whether it be through a third party product or through custom configuration.
How do I encrypt credentials for use in a container?
- OpenShift Container Platform
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.