search

kubernetes / kubectl

Issue tracker and mirror of kubectl code
Apache License 2.0
2.89k stars 924 forks source link

Add kubectl get secret x --base64-decode #1680

Open yegli opened 2 days ago

yegli commented 2 days ago

What would you like to be added: kubectl get secret x -o yaml is a very useful command. I have had multiple use cases where I have secrets in our dev environment and I must verify the base64 encoded information. Unfortunately kubectl doesn't support a flag such as --base64-decode, which allows printing the secret to the cli in a human readable form.

I could create a function on my device that takes the intended value base64 encodes it and then compares the given value with the value provided from the secret, but this isn't intuitive and is hard to share with other developers.

I'd love to take over the according implementation once approved.

The flag --base64-decode should print the secret in yaml format with secret values decoded.

apiVersion: v1
data:
  password: Password!
  username: bob
kind: Secret
metadata:
  creationTimestamp: "2024-11-27T08:20:05Z"
  name: demo-secret
  namespace: default
  resourceVersion: "4887086"
  uid: 5172e5c1-bcc9-4df5-844b-90f5da16712d
type: Opaque

/sig cli

Why is this needed: To improve the workflow of troubleshooting secrets and verifying that the base64 data also matches the intended values.

k8s-ci-robot commented 2 days ago

This issue is currently awaiting triage.

SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
ardaguclu commented 2 days ago

get command approaches all the resources generic, that said there is no custom code specific for secrets. So it is not possible to add this flag in get. I'd recommend writing a script for this.

yegli commented 2 days ago

@ardaguclu Thanks a lot for your quick response I see the issue at hand. Do you know of any efficient way to share the code with other developers as I see this issue is widespread? Would be awesome to make this solution as accessible as possible.

ardaguclu commented 1 day ago

I'd add it in here and if someone stumble upon the same issue, they can use it from here.