Kubernetes Secrets vs ConfigMaps
I'm the author of both of these features. The idea is that you should:
- Use Secrets for things which are actually secret, like API keys, credentials, etc.
- Use ConfigMaps for not-secret configuration data
In the future, there will likely be some differentiators for secrets like rotation or support for backing the secret API w/ HSMs, etc. In general, we like intent-based APIs, and the intent is definitely different for secret data vs. plain old configs.
Hope that helps.
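One way to check existing objects against the guidance above, as an added example that is not part of the original answer: it scans `kubectl get configmaps -o json` output for ConfigMap entries that look like credentials and so belong in a Secret. The patterns, function names and sample manifest are assumptions constructed for illustration.

```python
import json
import re

# Heuristic patterns (assumptions for this example, not an exhaustive list).
SENSITIVE_KEY = re.compile(
    r"passw(or)?d|passphrase|secret|token|api[_-]?key|credential|private[_-]?key", re.I)
SENSITIVE_VALUE = re.compile(  # PEM private key header, or user:password@ in a URL
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----|://[^/\s:@]+:[^/\s@]+@")
ASSIGNMENT = re.compile(r"\s*([\w.\-]+)\s*[=:]\s*\S")  # name=value / name: value


def reasons(key, value):
    """Yield why one ConfigMap entry looks like it belongs in a Secret."""
    if SENSITIVE_KEY.search(key):
        yield "key name"
    if SENSITIVE_VALUE.search(value):
        yield "value pattern"
    # Values are often whole config files; inspect each embedded setting name.
    for line in value.splitlines():
        m = ASSIGNMENT.match(line)
        if m and SENSITIVE_KEY.search(m.group(1)):
            yield "embedded setting " + m.group(1)


def find_misplaced_secrets(manifest_json):
    """Return (configmap, key, reason) tuples for `kubectl get ... -o json` output."""
    doc = json.loads(manifest_json)
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") != "ConfigMap":
            continue  # Secret objects are where this data is supposed to live
        name = obj.get("metadata", {}).get("name", "<unnamed>")
        for key, value in (obj.get("data") or {}).items():
            findings.extend((name, key, r) for r in reasons(key, str(value)))
    return findings


# Constructed sample input; every value is a placeholder, not a real credential.
SAMPLE = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    {"kind": "ConfigMap", "metadata": {"name": "web-config"},
     "data": {"LOG_LEVEL": "info", "API_KEY": "constructed-placeholder",
              "app.properties": "db.host=db.internal\ndb.password=constructed\n"}},
    {"kind": "Secret", "metadata": {"name": "web-creds"},
     "data": {"password": "Y29uc3RydWN0ZWQ="}},
]})

if __name__ == "__main__":
    for finding in find_misplaced_secrets(SAMPLE):
        print("%s/%s: %s" % finding)
```

The matching is name-based and will produce false positives and misses, so treat findings as a review queue rather than a verdict.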
One notable difference in the implementation is that `kubectl apply -f`:
- ConfigMaps are "unchanged" if the data hasn't changed.
- Secrets are always "configured" - even if the file hasn't changed