How To See Kubernetes Secret Data?

See Kubernetes Secret Data



Kubernetes secrets are data in key-value format stored secretly for your applications deployed in a Kubernetes system. If you have proper rights and, for debugging purposes you wish to see the secret data then this post will help you. 

To see Kubernetes secret data you must have proper rights to see its pods/deployments/secrets. This post assumes you have basic knowledge of Kubernetes and understand how to get access to a Kubernetes instance and you can run commands like kubectl get pod/deployments/secrets successfully.

Steps involved:

1. Get Kubernetes secret in details

2. Decode the secret data


Get Kubernetes Secret in Detail

You can normally get any resource list in Kubernetes by command 'kubectl get pods/deployments/secrets'. Similarly `secret` is also a resource. You get secret list by command:

>> kubectl get secrets
NAME                   TYPE                                 DATA           AGE
default-token-kctfm    kubernetes.io/service-account-token   3            634d
test-secret            Opaque                                1            258d

It will list all the secrets for the Kubernetes instance. Now choose the secret name of which you wish to see the data. Let's say in our case it's 'test-secret'. 

To get the secret data in detail, run the following command:


>> kubectl get secret test-secret -o yaml

Output:
apiVersion: v1
data:
  testKey: dGVzdEtleURhdGEK
kind: Secret
metadata:
   annotations:
     kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"v1","data":
{"testKey":"dGVzdEtleURhdGEK"},"kind":"Secret","metadata":{"annotations":{},
"name":"test-secret","namespace":"default"}}
   creationTimestamp: "2019-04-22T08:55:50Z"
   name: test-secret
   namespace: default
   resourceVersion: "174116369"
   selfLink: /api/v1/namespaces/default/secrets/test-secret
   uid: 6d5345fd-64dc-11e9-8896-XXXXXXX
type: Opaque

The output will be in YAML file format. Notice your keys and its respective values of secrets will be under 'data' attribute i.e., testKey: dGVzdEtleURhdGEK. The value is actually base64 encoded.


Decode the Kubernetes Secret Data

To decode your key's value, either you can Google "decode base64 online". But if your secret is a corporate secret better avoid it. Make sure you have a Linux terminal open and run the following command:

base64 <encoded-data> | base64 -d

For our case it will be:

>> base64 dGVzdEtleURhdGEK | base64 -d
testKeyData

TADDDDAAAAAAAaaaaaaa your unlocked your secret data stored in your Kubernetes secret vault.


Note: To decode a string via command line in Windows try this Stackoverflow link


Comments

Post a Comment

Feel free to ask, comment and/or suggest.

Popular posts from this blog

Effectively Use "cbt" command to get Google Cloud BigTable Data

Image
Google Cloud BigTable is a NO-SQL time series storage. Unlike SQL or my SQL, it doesn't have a standard user interface to see data (as of 2020 Nov). Instead, it provides a command-line tool.  Thus this blog will describe how to effectively query Google Cloud BigTable instance , to view and filter rows using the cbt command-line tool. This blog expects you to have a fair understanding of: Google Cloud BigTable Row keys, columns, column qualifier in BigTable Proper access rights to query BigTable Cloud BigTable Command line tool (cbt) provided by Google helps you perform various actions on your BigTable instance. The most common purpose I have been using it is for reading rows from my BigTable instance. 'cbt' command-line tool provides you the following reading options 1. Read: Read rows between the range of keys. cbt -instance <BIGTABLE_INSTANCE_ID> -project <GCP_PROJECT_ID> read <TABLE_NAME> start=<ROW_KEY_1> end=<ROW_KEY_2> 2. Read from: S
Read more

Quickly Setup Golang pprof and debugging for Memory Leak

Image
This post gives you quick steps for debugging memory leak using pprof in Go lang microservices built with Gorilla Mux: Setting up pprof in Go lang Running and viewing the memory profile Pinpointing the code culprit line Setting up pprof in Go lang First, you have to include pprof package in your Go file. Go file is the place where you declare your routes: import ( "encoding/json" "errors" "fmt" "net/http" _ "net/http/pprof" "github.com/gorilla/mux" ) Then you need to add a path prefix 'debug'. PathPrefix registers a new route with a matcher for the URL path prefix. We do this to see the memory profiler on the browser. router := mux.NewRouter() router.PathPrefix("/debug/").Handler(http.DefaultServeMux) router.Path("/healthCheck").Methods("GET").HandlerFunc(s.HealthCheck) Do not be confused since pprof package not being used anywhe
Read more

In Short: SLI, SLO and SLA (and Error Budget)

Image
Let's take an analogy that you are a toy-maker and you deliver toys to many customers on monthly basis. Customers want some kind of agreement of deliveries so they get confidence in your service. You agree with your customers that you will deliver at least 95 toys per month. The number 95 becomes your SLO. A service level objective (SLO), which is measurable and agreed with the customer. This agreement will be called an SLA - Service Level Agreement . So, " SLA is an agreement with your customers that says the SLO will be met on a monthly/weekly/daily basis ." You know you can make 4 toys per day and capable of delivering 120 toys per month. This is something that is measurable on daily basis by metrics you collect from your production house. This metric is something that tells exactly about your deliverables. Thus this becomes your Service Level Indicator. Base on the commitment you made to your customers i.e., 95 toys per month, which is 3.1 toys per day, knowing
Read more