The difference between an Opaque object and a Secret object is as follows:
- When you do a GET on an Opaque object, you get its value along with metadata. For all other types, the value is not returned.
- You can get the value of the Secret object by calling Export API which will also generate an audit log. By default, all Secret objects are exportable.
To store sensitive Information, a Secret object is recommended.