secode, short for secrets encode, is a utility for base64
encoding/decoding Kubernetes secrets.
It takes a .yaml
file or a stream as an input and replaces values with base64
encoded/decoded strings.
Also works with multiple Secret
definitions per file - kind: List
or ---
separated.
Requires Python 3+
Using pip3
:
pip3 install git+http://github.com/crtomirmajer/secode.git
Run:
secode secrets.yaml > secrets_base64.yaml
on secrets.yaml
containing:
apiVersion: v1
kind: Secret
metadata:
name: secret_1
type: Opaque
data:
secret_val_1: 'this-is-secret-1'
secret_val_2: 1337
secret_val_3: v/pp;QTh|F%@G5,9g,%qeh9j+ubQ3dM\
to get secrets_base64.yaml
:
apiVersion: v1
kind: Secret
metadata:
name: secret_1
type: Opaque
data:
secret_val_1: dGhpcy1pcy1zZWNyZXQtMQ==
secret_val_2: MTMzNw==
secret_val_3: di9wcDtRVGh8RiVARzUsOWcsJXFlaDlqK3ViUTNkTVw=
Use -d
(--decode
) flag to get the original:
secode secrets_base64.yaml -d
Pipe kubectl get secret
output through secode -d
to decode a deployed K8s secret on-the-fly:
kubectl get secret <name-of-the-secret> -o yaml | secode -d