You can support us by downloading this article as PDF from the Link below. Download the guide as PDF

Sensitive information such as passwords, SSH keys, API credentials and OAuth tokens are stored as Secrets in Kubernetes. We recently did a guide on how to copy a Kubernetes secret from one namespace to another. When you need to confirm the actual values of the secret you can decode base64 data. In this short guide we will show you how to decode a base64 secret in Kubernetes with kubectl command.

For this demonstration we will create a simple secret with username and password for database.

echo -n 'admin' > ./username
echo -n 'Password' > ./password

Run the kubectl create secret command to create an Secret object the Kubernetes API server.

$ kubectl create secret generic my-user-pass --from-file=./username --from-file=./password
secret/my-user-pass created

You can confirm the secret object was created successfully by running the following kubectl command:

$ kubectl get secret my-user-pass
NAME           TYPE     DATA   AGE
my-user-pass   Opaque   2      6s

$ kubectl get secret my-user-pass -o yaml

Decode the secret data:

# Decode username secret
$ kubectl get secret my-user-pass -o jsonpath="{.data.username}" | base64 --decode

# Decode password
$ kubectl get secret my-user-pass -o jsonpath="{.data.password}" | base64 --decode

Or use:

kubectl get secret my-user-pass -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'

This is my command execution output:

password.txt: Password
username.txt: admin

You can as well output encoded data and decode with base64.

$ kubectl get secret my-user-pass -o yaml
apiVersion: v1
  password.txt: UGFzc3dvcmQ=
  username.txt: YWRtaW4=
kind: Secret

$ echo 'YWRtaW4=' | base64 --decode

$ echo "UGFzc3dvcmQ=" | base64 --decode

Using jq and base64 dedoce

If you have jq you can use the following command to decode.

$ kubectl get secret my-user-pass -o json | jq '.data | map_values(@base64d)'
  "password.txt": "Password",
  "username.txt": "admin"


Install jq with the command:

--- Ubuntu / Debian ---
$ sudo apt install jq

--- CentOS / Fedora ---
$ sudo yum install jq

That’s how you can easily output the secrets encoded by base64 in Kubernetes.

Below are the other articles we have on Kubernetes.

Deploying Prometheus on EKS Kubernetes Cluster

How To Copy Kubernetes Secret Between Namespaces

Using Horizontal Pod Autoscaler on Kubernetes EKS Cluster

You can support us by downloading this article as PDF from the Link below. Download the guide as PDF


Please enter your comment!
Please enter your name here