Notes to Self

Alex Sokolsky's Notes on Computers and Programming

Handling K8s secrets in kubectl

Retrieving all secrets:

> kubectl get secrets -n foo
NAME                  TYPE     DATA   AGE
bar        Opaque   2      22d
baz        Opaque   1      10d

Describe secret

> kubectl describe secret foo -n foo-namespace
Name:         foo
Namespace:    foo-namespace
Labels:       <none>
Annotations:  <none>

Type:  Opaque

api-key:  32 bytes
app-key:  40 bytes

Retrieve secret values

Retrieve and decode the binary secret:

kubectl get secret <secret-name> -n <namespace> -o jsonpath='{.data.<key>}' |\
    base64 --decode


> kubectl get secret foo -n foo-namespace -o jsonpath='{.data}'

Create secret

Store it:

kubectl create secret generic foo -n foo-namespace \
    --from-literal=api-key="ffffoooo=" \

create a secret from YAML with several keys:

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
  name: psql-credentials
type: Opaque
  username: $(echo -n "test" | base64 -w0)
  password: $(echo -n "test123" | base64 -w0)

Editing secret

kubectl edit secrets <secret-name>