1. If a file is the source of Secret, we'll have to create a text file which contains our sensitive data first:

// assume we have a sensitive credential named access token.
# cat 2-7-1_access-token
9S!g0U61699r

2. Next, we could use kubectl create secret in the command line to create the Secret. The syntax is:

Kubectl create secret <secret-type> --from-file <file1> (--from-file <file2> ...)

3. In our case, we use generic Secret type, since the access token is neither the Docker registry image pull Secrets nor TLS information:

# kubectl create secret generic access-token --from-file 2-7-1_access-token
secret "access-token" created

4. You can check the detailed Secret information with the kubectl get secret command:

// get the detailed information for a Secret.
# kubectl get secret access-token -o yaml
apiVersion: v1
data:
  2-7-1_access-token: OVMhZzBVNjE2OTlyCg==
kind: Secret
metadata:
  creationTimestamp: 2018-01-01T20:26:24Z
  name: access-token
  namespace: default
  resourceVersion: "127883"
  selfLink: /api/v1/namespaces/default/secrets/access-token
  uid: 0987ec7d-ef32-11e7-ac53-080027ac331c
type: Opaque

5. You can use the base64 command (https://linux.die.net/man/1/base64) in Linux to decode the encoded Secret:

// decode encoded Secret
# echo "OVMhZzBVNjE2OTlyCg==" | base64 --decode
9S!g0U61699r