Secrets are similar to config maps, which we discussed in the previous chapter, in that they are also used to pass data to pods, but that's where their similarities end. A secret's only use case is to store sensitive data consumed by applications—API tokens, credentials, X.509 certificates/keys, and so on. They are backed by tmpfs (an in-memory temporary filesystem) which prevents them from being stored on persistent storage. Secrets are different from config maps in the following ways:

• Many secrets are created automatically on OpenShift startup (so that pods are able to access the OpenShift API and internal registry, for example)
• Secret values are base64-encoded by default, which makes them impossible to see until they are injected ...