secode, short for secrets encode, is a utility for base64 encoding/decoding Kubernetes secrets.
It takes a .yaml file or a stream as an input and replaces values with base64 encoded/decoded strings.
Also works with multiple Secret definitions per file - kind: List or --- separated.
Requires Python 3+
Using pip3:
pip3 install git+http://github.com/crtomirmajer/secode.git
Run:
secode secrets.yaml > secrets_base64.yamlon secrets.yaml containing:
apiVersion: v1
kind: Secret
metadata:
name: secret_1
type: Opaque
data:
secret_val_1: 'this-is-secret-1'
secret_val_2: 1337
secret_val_3: v/pp;QTh|F%@G5,9g,%qeh9j+ubQ3dM\to get secrets_base64.yaml:
apiVersion: v1
kind: Secret
metadata:
name: secret_1
type: Opaque
data:
secret_val_1: dGhpcy1pcy1zZWNyZXQtMQ==
secret_val_2: MTMzNw==
secret_val_3: di9wcDtRVGh8RiVARzUsOWcsJXFlaDlqK3ViUTNkTVw=Use -d (--decode) flag to get the original:
secode secrets_base64.yaml -dPipe kubectl get secret output through secode -d to decode a deployed K8s secret on-the-fly:
kubectl get secret <name-of-the-secret> -o yaml | secode -d