A Simple and Interactive Decoder for Kubernetes Secrets

TL; DR: Here’s a simple shell function which can decode Kubernetes secrets interactively and should work in any Bash and compatible environments.


  • Bash or compatible shell
  • base64 command to decode base64 encoded content
  • yq command to parse YAML
  • fzf to provide interactivity

Here’s the code.

# kds = kubernetes decode secret
function kds() {
  # list all secret names in current namespace and select 1 using fzf
  secret=$(kubectl get secrets -o name| fzf)
  # cache the selected secret's content
  kubectl get $secret -o yaml > $secret_cache
  # list all keys in the secret and select 1 using fzf
  secret_key=$(cat $secret_cache | yq '.data|keys' |sed 's|^- ||g'|fzf)
  # print out the selected key and decode its value
  cat $secret_cache |yq ".data.\"$secret_key\"" |base64 -d
  rm $secret_cache

This can be chained together with other commands too, eg. on a Mac, I can do

kds |pbcopy

Then the decoded content of selected secret key will be put into clipboard.

Simple demo: