Menu
I would like to use kubectl to print out all key-value pairs in my Secrets. I cannot figure out how to do this in one line with the -o --jsonpath flag or by piping into jq. I could certainly make a script to do this but I feel there must be a better way, given that the kubernetes GUI is pretty straightforward and liberal when it comes to letting you view Secrets.
Say I create secret like so:
kubectl create secret generic testsecret --from-literal=key1=val1 --from-literal=key2=val2
Now I can run kubectl get secret testsecret -o json to get something like:
{
"apiVersion": "v1",
"data": {
"key1": "dmFsMQ==",
"key2": "dmFsMg=="
},
...
}
I can do something like
kubectl get secret testsecret -o jsonpath='{.data}'
or
kubectl get secret testsecret -o json | jq '.data'
to get my key-value pairs in non-list format then I'd have to base64 --decode the values.
What is the easiest way to get a clean list of all my key-value pairs? Bonus points for doing this across all Secrets (as opposed to just one specific one, as I did here).
995
Export the secret We want to copy a secret from our "source" cluster to our "destination" cluster. So first, ensure you're authenticated with your source cluster. This should show the name of the context configured to access your source cluster. Now export the secret, and store the secret config data in a file.
yaml , Kubernetes stores it in etcd. The Secrets are stored in clear in etcd unless you define an encryption provider. When you define the provider, before the Secret is stored in etcd and after the values are submitted to the API, the Secrets are encrypted.
Sufficiently recent versions of jq have a filter for decoding base64 but it can only be used if the value that was encoded is a valid JSON string.
Anyway, you could start by trying:
.data | map_values(@base64d)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
