DevOps Blog - Nicolas Paris

Read Kubernetes Secret Data

DevOpsK8S

On Kubernetes, when you do a describe on a secret you have only indication about size. By default the value is store in base64 meaning you can read the value en plain text. Here is an example of a secret.

kubectl describe secret/gcr-io
Name: gcr-io
Namespace: default
Labels: <none>
Annotations: <none>

Type: kubernetes.io/dockerconfigjson

Data
====
.dockerconfigjson: 5718 bytes

The following command will output you the content of the value of the secret.

 kubectl get secret my-secret -o json | jq '.data | map_values(@base64d)'

It have jq as dependency, if you don't know it, check my previous blog post about tools for devops.