Menu
I want to get the value of a specific field of a secret in a shell script.
From the kubectl get secret documentation, it seems the standard way to get a secret returns the whole thing, in a specified format, with the values base64 encoded.
So, to get the bar field of the foo secret, output as an unencoded string, I'm doing this:
kubectl get secret foo -o json | jq -r ".data.bar" | base64 --decode
That is
foo secret as JSONjq to read the bar field from the JSONbase64
Is there a way to do this only using kubectl?
Or an elegant way in POSIX-compliant shell that doesn't rely on any dependencies like jq?
623
asked Aug 06 '19 15:08
If you want to access data from a Secret in a Pod, one way to do that is to have Kubernetes make the value of that Secret be available as a file inside the filesystem of one or more of the Pod's containers. To configure that, you: Create a secret or use an existing one. Multiple Pods can reference the same secret.
In Kubernetes, "secret" refers to the Secret object, and Secret objects can be composed of multiple pieces of sensitive information. In this demo, mysecret includes both a username and password . And there's our secret. We can also confirm it has two pieces of data (presumably username and password).
type: Opaque means that from kubernetes's point of view the contents of this Secret is unstructured, it can contain arbitrary key-value pairs. In contrast, there is the Secret storing ServiceAccount credentials, or the ones used as ImagePullSecret . These have a constrained contents.
Try this
kubectl get secret foo --template={{.data.bar}} | base64 --decode
No need of jq.
72
This should work since Kubernetes 1.11 (see PR 60755):
kubectl get secret foo -o go-template='{{ .data.bar | base64decode }}'
37
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
