How to Read Kubernetes Secrets
Kubernetes secrets is a great way to store secret values that only Kubernetes can access in your hosted applications.
There are times when you might need to view these secrets in plain-text. This is probably because you want to validate the value or use it manually elsewhere.
In this tutorial we will go through how to achieve this and read Kubernetes secrets using kubectl
for the command-line.
tl;dr
|
|
In the above sample code, simply replace <SECRET_NAME>
and <DATA>
with your own values.
Authenticate with your Kubernetes cluster
Start by authenticating into your Kubernetes cluster, you may need to first use an assume-role
or awsume
.
|
|
If you are using AWS EKS, do this to update your local kubeconfig file:
|
|
If all else fails, it may be useful to check these authentication strategies.
Now you will need to confirm the context:
|
|
List, read, and decode secret data
Let’s pretend that we want to read a secret called yoursecret
. To do this we can use the below command to see the names of all the secrets, in order to narrow down what exists.
Let’s find our what our secret is called:
Now that we know what our secret is called, we can issue the next command and view it’s value.
Use the describe keyword to view the secret:
We now that the data contained in the secret contains a username
and password
.
This is where we use kubectl
to get the outputs to YAML. This data is shown to us in a Base64 encoded string.
Use the below command on the command-line to decode the Base64 value back to plain-text:
A shortcut to decoding secret data
While the above is more of a tutorial on the steps to get this done, we can simplify these steps below into a single command: