Secret

A Secret is used to store and manage sensitive information such as passwords and auth tokens.

Puzl uses Secret resources to manage sensitive data securely: the content of every Secret object is always stored encrypted.

Puzl has several custom types of Secret resources, which are specified with the related APIs.

Puzl offers flexible cloud storage accessible via the S3®-compatible API. A Secret containing the S3® access credentials is generated automatically in the namespace where the data volume was claimed.

This Secret has the type puzl.cloud/bucket-access and contains the following keys:

  • HOST: S3®-compatible API endpoint for the storage.
  • BUCKET_NAME: The name of the bucket.
  • AWS_ACCESS_KEY_ID: The access key ID for S3® operations.
  • AWS_SECRET_ACCESS_KEY: The secret access key for S3® operations.

Use the following command to retrieve the S3® access details for the given pipeline namespace. Note that all values are base64-encoded; base64 is an encoding, not encryption, so treat the output as plaintext credentials:

kubectl get secrets -n <Namespace_With_Your_Volume> --field-selector type=puzl.cloud/bucket-access -o jsonpath='{.items[0].data}'

On Linux-based systems, you can also use this one-liner to decode the Secret's values:

kubectl get secrets -n <Namespace_With_Your_Volume> --field-selector type=puzl.cloud/bucket-access -o jsonpath='{.items[0].data.HOST}{"\n"}{.items[0].data.BUCKET_NAME}{"\n"}{.items[0].data.AWS_ACCESS_KEY_ID}{"\n"}{.items[0].data.AWS_SECRET_ACCESS_KEY}{"\n"}' | while read -r line; do echo "$line" | base64 --decode && echo; done
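
The one-liner above prints the secret access key to the terminal. As an added example (not part of Puzl's documentation or code), the function below decodes the same four keys into an env file readable only by the current user and fails if a key is missing; the helper names, the go-template invocation shown in the comment and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Puzl's code): decode a puzl.cloud/bucket-access Secret
# into an env file readable only by the current user, without echoing values.
# stdin: one KEY=<base64> line per Secret key, e.g. produced by:
#   kubectl get secrets -n <Namespace_With_Your_Volume> \
#     --field-selector type=puzl.cloud/bucket-access \
#     -o go-template='{{range $k, $v := (index .items 0).data}}{{$k}}={{$v}}{{"\n"}}{{end}}'

REQUIRED_KEYS="HOST BUCKET_NAME AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY"

# write_bucket_env OUTFILE  (hypothetical helper name)
# Returns 0 on success, 1 on undecodable input, 2 if a required key is missing.
write_bucket_env() {
  out=$1
  tmp=$(mktemp "${out}.XXXXXX") || return 1   # mktemp creates the file mode 0600
  while IFS= read -r line; do
    case $line in *=*) ;; *) continue ;; esac
    key=${line%%=*}   # text before the first '='
    b64=${line#*=}    # everything after it, base64 '=' padding included
    case " $REQUIRED_KEYS " in *" $key "*) ;; *) continue ;; esac
    value=$(printf '%s' "$b64" | base64 --decode 2>/dev/null) || { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
  done
  # Refuse to publish a partial credentials file.
  for key in $REQUIRED_KEYS; do
    grep -q "^${key}=" "$tmp" || { rm -f "$tmp"; return 2; }
  done
  chmod 600 "$tmp" && mv "$tmp" "$out"
}

# Constructed sample input (placeholder values, not real credentials),
# base64-encoded here the same way the API returns Secret data.
sample_secret_lines() {
  for pair in HOST=s3.example.invalid BUCKET_NAME=demo-bucket \
      AWS_ACCESS_KEY_ID=EXAMPLEKEYID AWS_SECRET_ACCESS_KEY=example/secret+key=; do
    printf '%s=%s\n' "${pair%%=*}" "$(printf '%s' "${pair#*=}" | base64)"
  done
}
```

Pipe the kubectl command from the header comment into write_bucket_env ./bucket.env, and delete the file once the credentials are no longer needed.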