In order to reduce the risk of leaking the Secrets' content, Secret is not landed to the disk. Instead, kubelet creates a tmpfs filesystem on the node to store the Secret. The Kubernetes API server pushes the Secret to the node on which the demanded container is running. The data will be flashed when the container is destroyed.