I wrote a simple way to decode Kubernetes secrets called ‘Kubernetes Secret Decode’ which is located on github. When trying to debug applications it can be time consuming to find exactly what is going wrong where, and why things aren’t running as expected. One piece of the puzzle I like to rule out quickly is to find out if the secret values I am referencing in my pod are the values I am expecting. One way to achieve this with kubectl is to write a go template and base64 decode each value by selecting it like such kubectl get secrets my-secret -o 'go-template={{index .data "username"}} | base64 -D- . Another option is to output the whole secret with -o yaml and then grab each value and base64 decode them, once again, individually. But to me both of those options are slightly more time consuming and burdensome than I would like.

To solve this problem I wrote a little tool you can pipe a secret to and it displays the whole secret with the data in plain text. You don’t have to learn any new command syntax or leave kubectl interface.You can simply run kubectl get secret my-secret -o yaml | ksd .

So now with the command above you see this

$ kubectl get secret my-secret -o yaml | ksd

apiVersion: v1

data:

password: password

username: username

kind: Secret

metadata:

creationTimestamp: “2018–05–09T21:01:37Z”

name: my-secret

namespace: default

resourceVersion: “20229”

selfLink: /api/v1/namespaces/default/secrets/my-secret

uid: 29ef8024–53cc-11e8–967d-080027cd91ae

type: Opaque

After viewing that the data is what I expect I can move on to checking everything else that might be broken. Hope this helps makes someone else’s day better too. Feel free to make PRs or issues here.