Now let's assume we want to read from a secret called mysecret
. The terminology might be a little bit tricky, so I'll try to explain. In Kubernetes, "secret" refers to the Secret
object, and Secret
objects can be composed of multiple pieces of sensitive information. In this demo, mysecret
includes both a username
and password
.
So first we'll locate our secret:
$ kubectl get secrets
NAME TYPE DATA AGE
mysecret Opaque 2 2d
And there's our secret. We can also confirm it has two pieces of data (presumably username and password).
Now let's describe the secret:
$ kubectl describe secret mysecret
Name: mysecret
Namespace: default
Labels: <none>
Annotations:
Type: Opaque
Data
====
username: 20 bytes
password: 20 bytes
Ok. So we've got our secret with the username
and password
data.
Now, if we use kubectl get
and set the output to yaml, we'll see the base64 encoded secret data.
$ k get secret mysecret -o yaml
apiVersion: v1
data:
username: YWJjZGVmZ2hpamtsbW5vcHFyc3QK
password: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAK
...
Now to see the output in plain text you can simply copy the base64 encoded string, and decode it:
$ echo "YWJjZGVmZ2hpamtsbW5vcHFyc3QK" | base64 --decode
abcdefghijklmnopqrst