Kubernetes secrets are objects that store and manage sensitive data inside Kubernetes cluster.
Secrets handle sensitive data.
Secrets have a size limit of 1 MB.
Secrets are stored inside the Kubernetes data store such that ETCD database on Kubernetes Master node and are created before they can be used inside a Pods manifest file.
When it comes to implementation can either mount Secrets as Volumes OR expose them as Environment Variables inside the Pod manifest files.

There are a few different types of Secrets in Kubernetes using YAML files.
● Opaque
It is the default for Opaque type in Secrets.
The default Secret type if one isn’t specified in the manifest configuration file.
It allows you to provide arbitrary configuration data in key-value pairs.
type: Opaque
● Service Account
These store a token that identifies a specific service account.
Don’t forget to set the 'kubernetes.io/service-account.name' annotation to an existing service account.
type: kubernetes.io/service-account-token
● Docker
This stores the credentials for a specific Docker registry for container images.
type: kubernetes.io/dockercfg
It store a serialized ~/.dockercfg which is the legacy format for configuring Docker command line.
The Secret data field contains a .dockercfg key whose value is the content of a base64 encoded ~/.dockercfg file.
type: kubernetes.io/dockerconfigjson
It store a serialized JSON that follows the same format rules as the ~/.docker/config.json file, which is a new format for ~/.dockercfg.
The Secret data field must contain a .dockerconfigjson key for which the value is the content of a base64 encoded ~/.docker/config.json file.
● Basic Authentication
These store basic authentication credentials.
It need to include the 'username' and 'password' keys.
type: kubernetes.io/basic-auth
● SSH Authentication
It store SSH credentials.
It specify an 'ssh-privatekey' key-value pair in the "data" OR "stringData" field.
type: kubernetes.io/ssh-auth
● TLS
The Secrets store certificates and the associated keys used for TLS.
Need to make sure the 'tls.key' and the 'tls.crt' keys are included in the "data" field of the Secret’s configuration.
type: kubernetes.io/tls
● Bootstrap
type: bootstrap.kubernetes.io/token

The syntax for YAML files.
data - mapping an key-value pairs encoded with base64.
stringData - mapping an key-value pairs in plain text with out encoded base64.

There are a few different types of Secrets in Kubernetes using kubectl commands.
● generic
Create a Secret from a local file, directory, or literal value.
● docker-registry
Creates a dockercfg Secret for use with a Docker registry.
● tls
Create a TLS secret from the given public/private key pair.
The public/private key pair must exist beforehand.
The public key certificate must be .PEM encoded and match the given private key.
