Scenario #299
Security
Kubernetes v1.23, AKS

Secret Stored in ConfigMap by Mistake

A sensitive API key was accidentally stored in a ConfigMap instead of a Secret, making it visible in plain text.

What Happened

A developer used a ConfigMap for application config and mistakenly included an apiKey in it. Anyone with view rights could read it.

Diagnosis Steps
  1. Reviewed config files for plaintext secrets.
  2. Found hardcoded credentials in ConfigMap YAML.
Root Cause

Misunderstanding of Secret vs. ConfigMap usage.

Fix/Workaround
• Moved key to a Kubernetes Secret.
• Rotated exposed credentials.
Lessons Learned

Educate developers on proper resource usage.

How to Avoid
  1. Lint manifests to block secrets in ConfigMaps.
  2. Train developers in security best practices.
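
One way to implement the manifest lint from step 1, as an added example that is not part of the original scenario. It assumes manifests have already been rendered to JSON (a single object or a List); the function names and the name patterns are hypothetical heuristics, and the sample input is constructed.

```python
import re

# Heuristics chosen for this example; tune names and patterns for your codebase.
SENSITIVE_NAME = re.compile(
    r"api[_-]?key|passw(or)?d|secret|token|credential|private[_-]?key", re.I)
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
# Matches "name=value" or "name: value" lines inside an embedded config file.
ASSIGNMENT = re.compile(r"^\s*([\w.\-]+)\s*[:=]\s*\S")

def iter_objects(doc):
    """Yield individual objects, unwrapping a List wrapper if present."""
    if doc.get("kind", "").endswith("List"):
        yield from doc.get("items", [])
    else:
        yield doc

def lint_configmaps(doc):
    """Return (configmap, data key, reason) for each secret-like ConfigMap entry."""
    findings = []
    for obj in iter_objects(doc):
        if obj.get("kind") != "ConfigMap":
            continue  # Secrets and other kinds are out of scope for this check
        meta = obj.get("metadata", {})
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        for key, value in (obj.get("data") or {}).items():
            if PEM_PRIVATE_KEY.search(value):
                findings.append((ref, key, "PEM private key"))
            if SENSITIVE_NAME.search(key) and value.strip():
                findings.append((ref, key, "sensitive key name"))
                continue
            # ConfigMaps often embed whole files, so check each line of the value.
            for line in value.splitlines():
                m = ASSIGNMENT.match(line)
                if m and SENSITIVE_NAME.search(m.group(1)):
                    findings.append((ref, key, f"embedded setting {m.group(1)}"))
    return findings

# Constructed sample input; the key values are placeholders, not real credentials.
SAMPLE = {"kind": "List", "items": [
    {"kind": "ConfigMap", "metadata": {"name": "app-config", "namespace": "prod"},
     "data": {"LOG_LEVEL": "info", "apiKey": "EXAMPLE-NOT-A-REAL-KEY"}},
    {"kind": "ConfigMap", "metadata": {"name": "app-files", "namespace": "prod"},
     "data": {"application.properties":
              "server.port=8080\nservice.api_key=EXAMPLE-NOT-A-REAL-KEY\n"}},
    {"kind": "Secret", "metadata": {"name": "app-secret", "namespace": "prod"},
     "data": {"apiKey": "RVhBTVBMRQ=="}},
]}

if __name__ == "__main__":
    results = lint_configmaps(SAMPLE)
    for ref, key, reason in results:
        print(f"{ref}: {key}: {reason}")
    raise SystemExit(1 if results else 0)  # non-zero exit fails a CI job
```

Name matching is deliberately broad, so expect some false positives (for example a key holding a token endpoint URL) and review findings rather than treating them as confirmed leaks.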