What are Kubernetes ConfigMaps and Secrets

ConfigMaps

ConfigMaps store non-confidential configuration data as key-value pairs. They decouple environment-specific settings from container images, allowing the same image to run in dev, staging, and production.

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  DATABASE_HOST: "postgres"
  LOG_LEVEL: "info"

Secrets

Secrets store sensitive data such as passwords, tokens, and TLS certificates. By default, Secrets are base64-encoded and stored in etcd. For stronger security, enable encryption at rest.

apiVersion: v1
kind: Secret
metadata:
  name: db-password
type: Opaque
data:
  password: c2VjcmV0  # base64 encoded

Using Them in Pods

Mount as environment variables or volumes. Avoid logging sensitive values injected from Secrets.

For managing secrets in CI/CD, see how to implement CI/CD with Jenkins. If you are deploying services that consume these configs, how to implement zero-downtime deployments in Kubernetes ensures updates roll out safely.