# Creating Secrets in Kubernetes

## Creating Secrets in Kubernetes

## Overview

The Apono Connector uses the [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret) to connect to resource integration without storing any secrets.

## Step by step guide

### Prerequisites

1. An [Apono connector](https://docs.apono.io/docs/kubernetes-environment/apono-connector-for-kubernetes) installed in your Kubernetes cluster

### Create a new secret for Apono

1. Create the secret

> 📘 NOTE: each integration requires different secret parameters
>
> Consult the integration's guide to learn more

```
kubectl create secret generic <<SecretName>> <INSERT PARAM PAIRS HERE> 
```

* Param format: `--from-literal=PARAM KEY=PARAM VALUE`\
  Repeat this for each required param, based on the [integration parameters](https://docs.apono.io/reference/integrations).

2. Label the secret with `apono-connector-read: true`:

```bash
  kubectl label secret <<SecretName>> "apono-connector-read=true"
```

3. Give the Apono connector permissions to the secret:

```
helm upgrade apono-connector apono-connector --repo https://apono-io.github.io/apono-helm-charts \
    --set-string apono.token=[APONO_TOKEN] \
    --set-string apono.connectorId=[CONNECTOR_NAME] \
    --set serviceAccount.manageClusterRoles=true \
    --set allowedSecretsToRead={secret1\,secret2\,secret3} \
    --namespace apono-connector 
```

### Provide Apono with the secret

1. When adding a new integration, provide the secret details:
2. Namespace
3. Secret name

![](https://files.readme.io/6c1be4f-image.png)