You can support us by downloading this article as PDF from the Link below. Download the guide as PDF

Sensitive information such as passwords, SSH keys, API credentials and OAuth tokens are stored as Secrets in Kubernetes. We recently did a guide on how to copy a Kubernetes secret from one namespace to another. When you need to confirm the actual values of the secret you can decode base64 data. In this short guide we will show you how to decode a base64 secret in Kubernetes with kubectl command.

For this demonstration we will create a simple secret with username and password for database.

echo -n 'admin' > ./username.txt
echo -n 'Password' > ./password.txt

Run the kubectl create secret command to create an Secret object the Kubernetes API server.

$ kubectl create secret generic my-user-pass --from-file=./username.txt --from-file=./password.txt
secret/my-user-pass created

You can confirm the secret object was created successfully by running the following kubectl command:

$ kubectl get secret

Decode the secret data:

secret_name="my-user-pass"
kubectl get secret $secret_name -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'

This is my command execution output:

password.txt: Password
username.txt: admin

If you have jq you can use the following command to decode.

$ kubectl get secret my-user-pass -o json | jq '.data | map_values(@base64d)'
{
  "password.txt": "Password",
  "username.txt": "admin"

}

Install jq with the command:

--- Ubuntu / Debian ---
$ sudo apt install jq

--- CentOS / Fedora ---
$ sudo yum install jq

That’s how you can easily output the secrets encoded by base64 in Kubernetes.

Below are the other articles we have on Kubernetes.

Deploying Prometheus on EKS Kubernetes Cluster

How To Copy Kubernetes Secret Between Namespaces

Using Horizontal Pod Autoscaler on Kubernetes EKS Cluster

You can support us by downloading this article as PDF from the Link below. Download the guide as PDF