A Simple and Interactive Decoder for Kubernetes Secrets

TL; DR: Here’s a simple shell function which can decode Kubernetes secrets interactively and should work in any Bash and compatible environments.

Requirements:

Bash or compatible shell
base64 command to decode base64 encoded content
yq command to parse YAML
fzf to provide interactivity

Here’s the code.

# kds = kubernetes decode secret
function kds() {
  # list all secret names in current namespace and select 1 using fzf
  secret=$(kubectl get secrets -o name| fzf)
  secret_cache=/tmp/kds_cache
  # cache the selected secret's content
  kubectl get $secret -o yaml > $secret_cache
  # list all keys in the secret and select 1 using fzf
  secret_key=$(cat $secret_cache | yq '.data|keys' |sed 's|^- ||g'|fzf)
  # print out the selected key and decode its value
  cat $secret_cache |yq ".data.\"$secret_key\"" |base64 -d
  rm $secret_cache
}

This can be chained together with other commands too, eg. on a Mac, I can do

kds |pbcopy

Then the decoded content of selected secret key will be put into clipboard.

Simple demo:

🙂

February 26, 2024

admin

Opensource, Systems Admin

kubernetes