How to decode/decrypt Kubernetes secrets

To
You can download this article in PDF format via the link below to support us.

Download the guide in PDF format

turn off
To

To
To

Sensitive information such as passwords, SSH keys, API credentials, and OAuth tokens are stored as secrets in Kubernetes. We recently made a guide on how to copy Kubernetes secrets from one namespace to another. When the actual value of the password needs to be confirmed, the base64 data can be decoded. In this short guide, we will show you how to decode base64 passwords in Kubernetes using kubectl commands.

For this demonstration, we will create a simple secret that contains the username and password of the database.

echo -n 'admin' > ./username.txt
echo -n 'Password' > ./password.txt

Run the kubectl create secret command to create a Secret object for the Kubernetes API server.

$ kubectl create secret generic my-user-pass --from-file=./username.txt --from-file=./password.txt
secret/my-user-pass created

You can confirm that the secret object has been successfully created by running the following kubectl command:

$ kubectl get secret

Decrypt confidential data:

secret_name="my-user-pass"
kubectl get secret $secret_name -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"n"}}{{end}}'

This is the output of my command execution:

password.txt: Password
username.txt: admin

if you have q You can use the following command to decode.

$ kubectl get secret my-user-pass -o json | jq '.data | map_values(@base64d)'
{
  "password.txt": "Password",
  "username.txt": "admin"

}

Use the following command to install jq:

--- Ubuntu / Debian ---
$ sudo apt install jq

--- CentOS / Fedora ---
$ sudo yum install jq

This makes it easy to output base64-encoded confidential information in Kubernetes.

Here are other articles about Kubernetes.

Deploy Prometheus on the EKS Kubernetes cluster

How to copy Kubernetes secrets between namespaces

Use horizontal Pod autoscaler on Kubernetes EKS cluster

To
You can download this article in PDF format via the link below to support us.

Download the guide in PDF format

turn off
To

To
To

Sidebar