Closed timothysparg closed 5 years ago
Good catch.
When you say, "stringData
should be encrypted and moved into the data
section", do you mean "stringData
should be encoded and moved into the data
section"?
I think the answer is encoded
and then encrypted
. At least that's my reading of this section:
For certain scenarios, you may wish to use the stringData field instead. This field allows you to put a non-base64 encoded string directly into the Secret, and the string will be encoded for you when the Secret is created or updated.
I think my point was a little ambiguously written - I was making a general remark and not a procedural one.
So for clarity perhaps, I see as follows: StringData
should be encoded and moved into the data
section where it should be encrypted
(along with the rest of the data
) section
That makes sense to me. Basically, we should support stringData
since we currently do not.
The Kubernetes secrets page has the following line:
but if I encrypt a secret then the stringData section remains unchanged.
see example below:
If I read the section properly, the following should be expected
stringData
should be encrypted and moved into thedata
sectiondata
andstringData
then the value from thestringData
field should be used