K8s: Decode secrets - Wed, Aug 24, 2022
K8s: Decode secrets
Secrets may contain a lot of data such as a passwords, tokens, or keys. And sometimes it is handy to get their decoded values. For example when trying to retrieve the real value of a password.
The following command which I found here
does exactly that:
kubectl get secret my-secret -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'
The command’s output looks something like this:
password: change-me
user: admin
The magic is done in the go template part, which pretty printed looks like this:
{{range $k,$v := .data}}
{{printf "%s: " $k}}
{{if not $v}}
{{$v}}
{{else}}
{{$v | base64decode}}
{{end}}
{{"\n"}}
{{end}}
The code iterates over the .data
part of the secret, gets all key value pairs and outputs the decoded value if one exists.
Although being a little bit clumsy to read, these go templates prove to be very powerful when trying to combine several commands into a single one.
P.S.: Usually I use k8s Lens to manage objects in a kubernetes cluster. It is a really powerful and easy to use tool which let’s you decode secrets as well…