Cybersecurity
Kubernetes
Subjective
Oct 07, 2025
What are ConfigMaps and Secrets in Kubernetes, and how do you use them securely?
Detailed Explanation
ConfigMaps and Secrets are Kubernetes objects for managing configuration data and sensitive information separately from application code.

ConfigMaps: Store non-sensitive configuration data
• Key-value pairs, files, or directories
• Mounted as volumes or environment variables
• Decoupled configuration from container images
• Support hot reloading in some cases

Secrets: Store sensitive data like passwords, tokens
• Base64 encoded (not encrypted by default)
• Mounted as volumes or environment variables
• Automatic rotation capabilities
• RBAC controls access

Usage Methods:
• Environment variables: envFrom, env
• Volume mounts: more secure, supports file permissions
• Init containers: for setup tasks

Example:
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

Best Practices:
• Use volume mounts instead of environment variables
• Enable encryption at rest
• Implement proper RBAC
• Use external secret management systems
• Rotate secrets regularly
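The manifests below are an added example, not part of the original answer. They apply two of the best practices to the db-secret object: a read-only volume mount with restricted file permissions, and an RBAC Role scoped to that one Secret. The names app, secret-rotator, manage-db-secret, the default namespace, the mount path and the image are assumptions made for illustration.

```yaml
# Pod that consumes db-secret as files rather than environment variables.
apiVersion: v1
kind: Pod
metadata:
  name: app                          # hypothetical name
  namespace: default                 # assumed namespace
spec:
  automountServiceAccountToken: false   # the app never calls the API server
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      volumeMounts:
        - name: db-creds
          mountPath: /etc/db-creds   # files: username, password
          readOnly: true
  volumes:
    - name: db-creds
      secret:
        secretName: db-secret
        # Owner read only. For a non-root container, set
        # securityContext.fsGroup and use 0440 instead.
        defaultMode: 0400
---
# The kubelet mounts the volume, so the Pod needs no RBAC on Secrets.
# Grant API access only to the identity that must manage this Secret,
# here a hypothetical rotation job's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: manage-db-secret             # hypothetical name
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["db-secret"]     # this Secret only
    verbs: ["get", "update"]         # no list or watch on all Secrets
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: manage-db-secret
  namespace: default
subjects:
  - kind: ServiceAccount
    name: secret-rotator             # hypothetical ServiceAccount
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: manage-db-secret
```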