# Setting Kubernetes Secrets

Kubernetes `Secrets` allow you to securely store and manage sensitive information—such as passwords, tokens, and keys—separately from your application code. This page covers how to define and manage those secrets in DuploCloud.

To securely manage Kubernetes secrets, follow these best practices:

* **Utilize Centralized Secret Management Tools** to streamline storage, versioning, and access control.
* **Implement Access Controls** to ensure only authorized users and workloads can access or modify secrets.
* **Regularly Rotate Secrets** to limit exposure if a secret is compromised.
* **Audit Access Logs** to monitor for unauthorized access or anomalies.

By using these strategies alongside DuploCloud's interface for Kubernetes secrets, you can enforce secure and maintainable secret management across your environments.

## Creating a Kubernetes Secret

1. In the DuploCloud Portal, navigate to **Kubernetes** -> **Secrets**.
2. Click **Add**. The **Add Kubernetes Secret** pane displays.<br>

   <div align="left"><img src="/files/od1Sl9YzKjpTOrZmYeBQ" alt="Add Kubernetes Secret pane"></div>
3. Complete the fields:

<table data-header-hidden><thead><tr><th width="163.33331298828125"></th><th></th></tr></thead><tbody><tr><td><strong>Secret Name</strong></td><td>A unique name for the secret.</td></tr><tr><td><strong>Secret Type</strong></td><td>Enter the Kubernetes secret type (e.g., <code>Opaque</code>, <code>kubernetes.io/dockerconfigjson</code>, etc.). Choose <code>Opaque</code> for generic key/value pairs.</td></tr><tr><td><strong>Secret Details</strong></td><td>Enter the key/value pairs that make up the secret. Use the format <code>key: value</code> per line, where the key is the filename and the value is its contents.</td></tr><tr><td><strong>Skip Encoding Secret (if already encoded)</strong></td><td>Select this option if your secret value is already base64-encoded. DuploCloud will store it as provided without performing additional encoding.</td></tr></tbody></table>

4. Optionally, select **Advanced Options** and configure the following fields as needed:

<table data-header-hidden><thead><tr><th width="196.88885498046875"></th><th></th></tr></thead><tbody><tr><td><strong>Secret Labels</strong></td><td>Enter one or more key-value pairs to categorize the secret. For example, you can assign an app name using <code>app.duplocloud.net/app-name: "&#x3C;app name>"</code> to enable filtering K8s resources by app in the DuploCloud Portal.</td></tr><tr><td><strong>Secret Annotations</strong></td><td>Enter one or more key-value pairs to add custom metadata to the secret. Use annotations to attach descriptive or operational information that can be referenced by Kubernetes or other tools.</td></tr></tbody></table>

5. Click **Add** to create the secret.

To use this Secret in your application, [mount it as a volume in a container](/docs/automation-platform/kubernetes-overview/configs-and-secrets/mounting-config-as-files.md#mounting-a-kubernetes-secret-as-a-volume).

## Creating a multi-line Kubernetes Secret

1. Follow the steps in [creating a Kubernetes Secret](#creating-a-kubernetes-secret), defining a Key value using the `PRIVATE_KEY_FILENAME` in the **Secret Details** field, as shown below.<br>

   <div align="left"><img src="/files/9c2ip1WI58zkyXPoK6gj" alt="" width="563"></div>
2. Click **Add** to create the multi-line secret.

To use this Secret in your application, [mount it as a volume in a container](/docs/automation-platform/kubernetes-overview/configs-and-secrets/mounting-config-as-files.md#mounting-a-kubernetes-secret-as-a-volume).

<figure><img src="/files/zbamdIe8agPhv40sZKk2" alt=""><figcaption><p>The <strong>Kubernetes Secrets</strong> page in the DuploCloud Portal</p></figcaption></figure>

## Troubleshooting Secret Format Issues

When entering a Kubernetes secret with a private key in Duplo, ensure the data is formatted as key/value pairs with all keys and values as strings. If you encounter format errors, it's likely due to non-string values or incorrect multiline string formatting. Use the `|` character to indicate multiline strings and manually split a single-line private key into multiple lines for compatibility. Matching the format of an existing, working secret can also aid in resolving these issues.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.duplocloud.com/docs/automation-platform/kubernetes-overview/configs-and-secrets/setting-kubernetes-secrets.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.