How to Find and Delete Orphaned Secrets with Kubectl
Discover how to find and delete orphaned Kubernetes Secrets using kubectl commands. Improve security and optimize cluster performance with our guide.
Keeping Kubernetes clusters clean and organized matters to DevOps teams: it avoids wasting compute and money, and, in the case of orphaned Secrets, it avoids leaving stale credentials in the cluster that could compromise security.
In this guide, we’ll focus on cleaning up your Kubernetes clusters by finding and deleting orphaned Secrets.
Secrets are API objects created to hold small amounts of confidential data such as passwords, tokens, or keys. They keep that sensitive data separate from container images, Pod specifications, and application code, which adds a useful layer of Pod security.
Secrets become orphaned when the workload they were created to support no longer references them, or when their owners have been deleted. Removing orphaned Secrets reduces clutter in the cluster and removes stale credentials that could otherwise be exposed.
Here are the steps to identify and remove orphaned Secrets:
To start, you can generate a list of all Secrets with this command:
This command returns the Secrets across all namespaces, but, as you will see, a Secret object does not record which resource uses it.
So you need to list every Secret that is referenced by a resource. Secrets can be referenced in several places:
To find the unused Secrets in the current namespace, run the following commands, which list every referenced Secret and diff that list against the existing Secrets:
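The identification step written out as a script, as an added example that is not part of the original guide or of Blink's automation: it consumes the JSON from `kubectl get pods,serviceaccounts,ingresses,secrets -A -o json`, collects the Secret names referenced by Pods (env, envFrom, secret and projected volumes, imagePullSecrets), ServiceAccounts and Ingress TLS, and diffs them against the existing Secrets. The set of reference places, the skipped Secret types and the embedded sample cluster are my assumptions, constructed for the example.

```python
import json
import sys

# Controller-owned Secret types that a plain "existing minus referenced" diff would wrongly flag (assumed list).
SKIP_TYPES = {"kubernetes.io/service-account-token", "helm.sh/release.v1"}

def pod_secret_refs(pod):
    """Secret names a Pod spec references via env, envFrom, volumes and imagePullSecrets."""
    spec, refs = pod.get("spec", {}), set()
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        refs.update(e["valueFrom"]["secretKeyRef"]["name"] for e in c.get("env", [])
                    if "secretKeyRef" in e.get("valueFrom", {}))
        refs.update(ef["secretRef"]["name"] for ef in c.get("envFrom", []) if "secretRef" in ef)
    for v in spec.get("volumes", []):
        if "secret" in v:
            refs.add(v["secret"]["secretName"])
        refs.update(s["secret"]["name"] for s in v.get("projected", {}).get("sources", [])
                    if "secret" in s)
    refs.update(ips["name"] for ips in spec.get("imagePullSecrets", []))
    return refs

def orphaned_secrets(items):
    """Sorted (namespace, name) of Secrets that no Pod, ServiceAccount or Ingress references."""
    used = set()
    for obj in items:
        ns, kind = obj["metadata"].get("namespace", "default"), obj["kind"]
        if kind == "Pod":
            names = pod_secret_refs(obj)
        elif kind == "ServiceAccount":
            names = {s["name"] for s in obj.get("secrets", []) + obj.get("imagePullSecrets", [])}
        elif kind == "Ingress":
            names = {t["secretName"] for t in obj.get("spec", {}).get("tls", []) if "secretName" in t}
        else:
            continue
        used.update((ns, n) for n in names)
    return sorted((s["metadata"]["namespace"], s["metadata"]["name"]) for s in items
                  if s["kind"] == "Secret" and s.get("type") not in SKIP_TYPES
                  and (s["metadata"]["namespace"], s["metadata"]["name"]) not in used)
# Constructed sample in the shape of `kubectl get pods,ingresses,secrets -A -o json`.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Pod", "metadata": {"namespace": "app", "name": "web"}, "spec": {"containers": [{"name": "web",
        "env": [{"name": "DB_PW", "valueFrom": {"secretKeyRef": {"name": "db-creds", "key": "pw"}}}]}]}},
    {"kind": "Ingress", "metadata": {"namespace": "app", "name": "web"}, "spec": {"tls": [{"secretName": "tls-cert"}]}},
    {"kind": "Secret", "type": "Opaque", "metadata": {"namespace": "app", "name": "db-creds"}},
    {"kind": "Secret", "type": "kubernetes.io/tls", "metadata": {"namespace": "app", "name": "tls-cert"}},
    {"kind": "Secret", "type": "Opaque", "metadata": {"namespace": "app", "name": "old-api-key"}},
    {"kind": "Secret", "type": "helm.sh/release.v1", "metadata": {"namespace": "app", "name": "sh.helm.release.v1.web.v1"}}]}
if __name__ == "__main__":  # pipe `kubectl get ... -o json` in, or run with no input to use SAMPLE
    items = (json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE)["items"]
    print("\n".join(f"{ns}/{name}" for ns, name in orphaned_secrets(items)))
```

Review the printed list before deleting anything: a Secret consumed only by an operator, a CSI driver or an external tool is not visible in these objects and will show up here as unreferenced.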
Now that you have the list of unreferenced, orphaned Secrets, you can start cleaning up by deleting them.
Delete each orphaned Secret you found with this command:
Example output confirming deletion:
Once you have deleted all the orphaned Secrets, you will have removed unneeded resources from your cluster, freeing up storage and making the cluster more secure. Removing orphaned resources regularly keeps your team's Kubernetes resource management in good shape.
Finding and removing orphaned Secrets takes several steps, and it is easy to forget to make it part of your routine.
With Blink, you can schedule automated checks like this one so you can maintain your Kubernetes clusters in just a couple clicks:
This automation is available in the Blink library. When it runs, it does the following steps:
This simple automation is easy to customize. Run it on a schedule, add approval steps to remove resources, or send the report via email or Teams instead.
There are over 5K automations in the Blink library to choose from, or you can build your own to match your unique needs.
Get started with Blink today and see how easy automation can be.
Blink is secure, decentralized, and cloud-native. Get modern cloud and security operations today.