> ## Documentation Index
> Fetch the complete documentation index at: https://docs.configu.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Kubernetes Secret

> Integrates the Configu Orchestrator with [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/).  

* Name: Kubernetes Secrets
* Category: Secret manager

## Configuration

Configu needs to be authorized to access your Kubernetes Secret instance. By default, Configu attempts to [load the default kubeconfig credentials](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#the-kubeconfig-environment-variable) via the `KUBECONFIG` environment variable. You can manually provide credentials via a kubeconfig file via the `kubeconfig` parameter. The `namespace` parameter must always be provided.

## Usage

### `.configu` store declaration

```yaml theme={null}
stores:
  my-store:
    type: kubernetes-secret
    configuration:
      namespace: default
      kubeconfig: ~/.kube/config
```

### CLI examples

#### Upsert command

```bash theme={null}
configu upsert --store "my-store" --set "test" --schema "./start.cfgu.json" \
    -c "GREETING=hey" \
    -c "SUBJECT=configu"
```

#### Eval and export commands

```bash theme={null}
configu eval --store "my-k8s-secret-store" --set "test" --schema "./start.cfgu.json" \
 | configu export
```

## Common errors and solutions

1. Cluster Access Issues
   * Solution: Ensure that the kubeconfig path is correct and that your user or service account has access to the cluster. Test connectivity with:
     ```bash theme={null}
     kubectl get nodes
     ```

2. Insufficient Permissions
   * Solution: Make sure your account has `GET`, `CREATE`, and `UPDATE` permissions for secrets. Use the following command to grant access:
     ```bash theme={null}
     kubectl create rolebinding configu-access --clusterrole=admin --serviceaccount=default:default
     ```

3. Namespace Not Found
   * Solution: Verify that the specified namespace exists by listing all available namespaces:
     ```bash theme={null}
     kubectl get namespaces
     ```

4. Secret Access Errors
   * Solution: Check that the target secret exists and the user has proper access permissions. Use:
     ```bash theme={null}
     kubectl get secrets -n <namespace>
     ```

## References

* Integration documentation: [https://kubernetes.io/docs/concepts/configuration/secret](https://kubernetes.io/docs/concepts/configuration/secret)
* Kubernetes authentication: [https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig)