Skip to main content
Version: 3.3

What Are Secrets?

Like Kubernetes secrets, Loft secrets are intended to hold confidential data in the form of key/value pairs. Loft extends Kubernetes secrets by allowing global or project level managment of secret data, managing which users and teams can access secrets, and synchronizing secret data across multiple clusters and the spaces and virtual clusters on those clusters. After creating Loft secrets, native Kubernetes secrets can be created with labels that indicate to Loft that the secret data should be synchronized with Loft secrets. Once this secret synchronization is configured, the secret data can be mounted using the native secret as usual, but managed at the project or global level using Loft secrets.

Project Secrets

Project secrets are scoped to a Project, and implicitly only allow access to members of the project. Once a project secret is created, native Kubernetes secrets that synchronize to the project secret can be created in spaces and virtual clusters that belong to the project. This provides a convenient way to manage secret data for all members of the project. For more information on creating project secrets, see Using Project Secrets -> Create

Global Secrets

Global secrets or shared secrets can be synchronized across all spaces in Loft registered clusters. Additionally, global secrets can be use to synchronize project secrets. This allows organization wide management of secrets shared across multiple projects. Like project secrets, native Kubernetes secrets can be synchronized directly to global secrets, however this synchronization only works for secrets defined in spaces and not virtual clusters. For more information on creating project secrets, see Using Global Secrets -> Create