How To See Kubernetes Secret Data?

See Kubernetes Secret Data



Kubernetes secrets are data in key-value format stored secretly for your applications deployed in a Kubernetes system. If you have proper rights and, for debugging purposes you wish to see the secret data then this post will help you. 

To see Kubernetes secret data you must have proper rights to see its pods/deployments/secrets. This post assumes you have basic knowledge of Kubernetes and understand how to get access to a Kubernetes instance and you can run commands like kubectl get pod/deployments/secrets successfully.

Steps involved:

1. Get Kubernetes secret in details

2. Decode the secret data


Get Kubernetes Secret in Detail

You can normally get any resource list in Kubernetes by command 'kubectl get pods/deployments/secrets'. Similarly `secret` is also a resource. You get secret list by command:

>> kubectl get secrets
NAME                   TYPE                                 DATA           AGE
default-token-kctfm    kubernetes.io/service-account-token   3            634d
test-secret            Opaque                                1            258d

It will list all the secrets for the Kubernetes instance. Now choose the secret name of which you wish to see the data. Let's say in our case it's 'test-secret'. 

To get the secret data in detail, run the following command:


>> kubectl get secret test-secret -o yaml

Output:
apiVersion: v1
data:
  testKey: dGVzdEtleURhdGEK
kind: Secret
metadata:
   annotations:
     kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"v1","data":
{"testKey":"dGVzdEtleURhdGEK"},"kind":"Secret","metadata":{"annotations":{},
"name":"test-secret","namespace":"default"}}
   creationTimestamp: "2019-04-22T08:55:50Z"
   name: test-secret
   namespace: default
   resourceVersion: "174116369"
   selfLink: /api/v1/namespaces/default/secrets/test-secret
   uid: 6d5345fd-64dc-11e9-8896-XXXXXXX
type: Opaque

The output will be in YAML file format. Notice your keys and its respective values of secrets will be under 'data' attribute i.e., testKey: dGVzdEtleURhdGEK. The value is actually base64 encoded.


Decode the Kubernetes Secret Data

To decode your key's value, either you can Google "decode base64 online". But if your secret is a corporate secret better avoid it. Make sure you have a Linux terminal open and run the following command:

base64 <encoded-data> | base64 -d

For our case it will be:

>> base64 dGVzdEtleURhdGEK | base64 -d
testKeyData

TADDDDAAAAAAAaaaaaaa your unlocked your secret data stored in your Kubernetes secret vault.


Note: To decode a string via command line in Windows try this Stackoverflow link


Comments

Post a Comment

Feel free to ask, comment and/or suggest.

Popular posts from this blog

Quickly Setup Golang pprof and debugging for Memory Leak

Image
This post gives you quick steps for debugging memory leak using pprof in Go lang microservices built with Gorilla Mux: Setting up pprof in Go lang Running and viewing the memory profile Pinpointing the code culprit line Setting up pprof in Go lang First, you have to include pprof package in your Go file. Go file is the place where you declare your routes: import ( "encoding/json" "errors" "fmt" "net/http" _ "net/http/pprof" "github.com/gorilla/mux" ) Then you need to add a path prefix 'debug'. PathPrefix registers a new route with a matcher for the URL path prefix. We do this to see the memory profiler on the browser. router := mux.NewRouter() router.PathPrefix("/debug/").Handler(http.DefaultServeMux) router.Path("/healthCheck").Methods("GET").HandlerFunc(s.HealthCheck) Do not be confused since pprof package not being used anywhe...
Read more

Effectively Use "cbt" command to get Google Cloud BigTable Data

Image
Google Cloud BigTable is a NO-SQL time series storage. Unlike SQL or my SQL, it doesn't have a standard user interface to see data (as of 2020 Nov). Instead, it provides a command-line tool.  Thus this blog will describe how to effectively query Google Cloud BigTable instance , to view and filter rows using the cbt command-line tool. This blog expects you to have a fair understanding of: Google Cloud BigTable Row keys, columns, column qualifier in BigTable Proper access rights to query BigTable Cloud BigTable Command line tool (cbt) provided by Google helps you perform various actions on your BigTable instance. The most common purpose I have been using it is for reading rows from my BigTable instance. 'cbt' command-line tool provides you the following reading options 1. Read: Read rows between the range of keys. cbt -instance <BIGTABLE_INSTANCE_ID> -project <GCP_PROJECT_ID> read <TABLE_NAME> start=<ROW_KEY_1> end=<ROW_KEY_2> 2. Read from: S...
Read more

Unit testing of typescript in visual studio (mocha + chai)

Image
  You will need following things to do unit test on typescript: Mocha : Its a testing framework, which will help us identify unit tests in Test explorer of VS Chai : Chai is the assertion library which works well with 'mocha' NodeJs tools for Visual Studio : This tool is needed to create NodeJs project in Visual studio. * I am using Visual Studio 2015 and assuming you have NodeJs environment setup on your machine To begin, open Visual Studio and add a ' Blank Node.js Web Application ' project. Then add ' TypeScript Mocha Unit Test file ' file into the project. (say UnitTest1.ts) Get ' mocha ' definitely typed file from the following location: https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/mocha/mocha.d.ts and include it in your project at:   Project  |  |_Scripts  |  |__typings  |  |___mocha (folder)  |  |____ mocha.d.ts   Similarly, add ' chai ' definitely typed file from this link https://github.com/DefinitelyTyped...
Read more