The WebLogic Kubernetes Operator has an introspection job that handles WebLogic domain encryption. The introspection also addresses use of Kubernetes secrets for use with configuration overrides. For additional information on the configuration handling, see the configuration overrides documentation.
The introspection also creates a boot.properties file that is made available
to the pods in the WebLogic domain. The credential used for the
WebLogic domain is kept in a Kubernetes Secret which follows the naming pattern
<domainUID>-weblogic-credentials, where <domainUID> is
the unique identifier of the domain, for example, mydomain-weblogic-credentials.
For more information about the WebLogic credentials secret, see Secrets under Security.
To better protect your credentials and private keys, the Kubernetes cluster should be set up with encryption. Please see the Kubernetes documentation about encryption at rest for secret data and using a KMS provider for data encryption.