What is the difference between a ConfigMap and a Secret?easy
Answer
ConfigMaps store non-sensitive configuration (environment variables, config files). Secrets store sensitive data (passwords, tokens, keys) and are base64-encoded with access control restrictions.
Explanation
Both can be mounted as files or injected as environment variables. Secrets are not encrypted by default in etcd - enable encryption at rest or use an external secrets manager (Vault, AWS Secrets Manager with the CSI driver) for true security. RBAC limits which Pods can mount which Secrets. Never hardcode secrets in Dockerfiles or ConfigMaps - use Secrets or an external provider.
Follow-upHow do you rotate a secret without restarting Pods?