Skip to content

Utility for encoding/decoding Kubernetes secrets (base64)

License

Notifications You must be signed in to change notification settings

mloiseleur/secode

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Secode

Forked in order to get it work also on stringData Field.

About

secode, short for secrets encode, is a utility for base64 encoding/decoding Kubernetes secrets. It takes a .yaml file or a stream as an input and replaces values with base64 encoded/decoded strings.

Also works with multiple Secret definitions per file - kind: List or --- separated.

Requires Python 3+

Install

Using pip3:

pip3 install git+http://github.com/mloiseleur/secode.git

Usage

Run:

secode secrets.yaml > secrets_base64.yaml

on secrets.yaml containing:

apiVersion: v1
kind: Secret
metadata:
  name: secret_1
type: Opaque
data:
  secret_val_1: 'this-is-secret-1'
  secret_val_2: 1337
  secret_val_3: v/pp;QTh|F%@G5,9g,%qeh9j+ubQ3dM\

to get secrets_base64.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: secret_1
type: Opaque
data:
  secret_val_1: dGhpcy1pcy1zZWNyZXQtMQ==
  secret_val_2: MTMzNw==
  secret_val_3: di9wcDtRVGh8RiVARzUsOWcsJXFlaDlqK3ViUTNkTVw=

Use -d (--decode) flag to get the original:

secode secrets_base64.yaml -d

Pipe kubectl get secret output through secode -d to decode a deployed K8s secret on-the-fly:

kubectl get secret <name-of-the-secret> -o yaml | secode -d

About

Utility for encoding/decoding Kubernetes secrets (base64)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%