I'm running a self-hosted local Kubernetes cluster and need to manage some credentials for my pods, such as usernames and passwords for my Mealie database. Since I'm the only person with access to my cluster, I'm wondering if I should use Secrets instead of ConfigMaps for this purpose. Both options seem to be easily accessible if someone manages to gain access to my system, so I'm trying to understand if there's a real benefit to using Secrets over ConfigMaps in my situation. I've heard that using RBAC controls who can see Secrets, but is that the main reason to choose one over the other? Am I overlooking something important?
1 Answer
Using Secrets is generally viewed as a best practice, even in a personal setup. The main reason is that if you ever decide to expand and allow others access to your cluster, you'll wish you hadn't used ConfigMaps for sensitive data. Secrets can be managed with RBAC to limit access, whereas ConfigMaps are accessible by users with basic permissions. Doing it right from the start saves a headache in the future!
Can you elaborate on that? If I have my files secured on Git and I'm using ArgoCD, isn't the setup pretty similar whether I use a Secrets YAML or a ConfigMap YAML?