A kubectl plugin for finding decoded secret data with productive search flags.

kubectl-secret-data

What is it?

This is a kubectl plugin for finding decoded secret data. Since kubectl only outputs base64-encoded secrets, it makes it difficult to check the secret value. It helps finding a decoded secret data you want with productive search flags.

Usage

A kubectl plugin for finding decoded secret data.

Usage:
  kubectl-secret-data [flags]

Flags:
  -A, --all-namespace             If present, find secrets from all namespaces
      --cluster string            The name of the kubeconfig context to use
      --context string            The name of the kubeconfig cluster to use
  -h, --help                      help for kubectl-secret-data
      --kubeconfig string         Path to the kubeconfig file to use for CLI requests
  -m, --multi-namespaces string   The multi namespacess separated by "," where secrets exist.
  -n, --namespace string          The namespaces where secrets exist
  -o, --output string             The format of the result (default "yaml")
  -E, --regex string              The regular expression of secret name

Example

List all secret data in ns-1 in yaml(default).

kubectl-secret-data -n ns-1
# OR
kubectl-secret-data -n ns-1 -o yaml
Output
ns-1: # Namespace
  - private-data-a: # Secrete Name
      password: lkiugubau # Secret Data Key
      user: smith
  - private-data-b:
      password: hiahgeoawngleawngaw
      user: bob
  - super-private-data-a:
      password: hoge
      user: foo
  - super-private-data-b:
      password: fuga
      user: bar

List all secret data in ns-1 in json.

kubectl-secret-data -n ns-1 -o json
Output
{
  "ns-1": [
    {
      "private-data-a": {
        "password": "lkiugubau",
        "user": "smith"
      }
    },
    {
      "private-data-b": {
        "password": "hiahgeoawngleawngaw",
        "user": "bob"
      }
    },
    {
      "super-private-data-a": {
        "password": "hoge",
        "user": "foo"
      }
    },
    {
      "super-private-data-b": {
        "password": "fuga",
        "user": "bar"
      }
    }
  ]
}

List all secret data in ns-1 and ns-2 in json. You can specify multiple namespace.

kubectl-secret-data -m ns-1,ns-2 -o json
#OR
kubectl-secret-data --multi-namespaces ns-1,ns-2 -o json
Output
{
  "ns-1": [
    {
      "private-data-a": {
        "password": "lkiugubau",
        "user": "smith"
      }
    },
    {
      "private-data-b": {
        "password": "hiahgeoawngleawngaw",
        "user": "bob"
      }
    },
    {
      "super-private-data-a": {
        "password": "hoge",
        "user": "foo"
      }
    },
    {
      "super-private-data-b": {
        "password": "fuga",
        "user": "bar"
      }
    }
  ],
  "ns-2": [
    {
      "important-value-x": {
        "password": "abcd",
        "user": "sam"
      }
    },
    {
      "important-value-y": {
        "password": "xyz",
        "user": "alice"
      }
    }
  ]
}

List secret data by matching regex in ns-1 in json.

kubectl-secret-data -n ns-1 -E "^super-.*"
Output
{
  "ns-1": [
    {
      "super-private-data-a": {
        "password": "hoge",
        "user": "foo"
      }
    },
    {
      "super-private-data-b": {
        "password": "fuga",
        "user": "bar"
      }
    }
  ]
}

Installing

Pre-built binaries

See the release page for the full list of pre-built assets.

Linux

curl -L -o kubectl-secret-data.tar.gz https://github.com/kskumgk63/kubectl-secret-data/releases/download/v0.2.0/kubectl-secret-data_0.2.0_Linux_arm64.tar.gz
tar -xvf kubectl-secret-data.tar.gz
mv kubectl-secret-data /usr/local/bin/kubectl-secret-data

OSX

curl -L -o kubectl-secret-data.tar.gz https://github.com/kskumgk63/kubectl-secret-data/releases/download/v0.2.0/kubectl-secret-data_0.2.0_Darwin_arm64.tar.gz
tar -xvf kubectl-secret-data.tar.gz
mv kubectl-secret-data /usr/local/bin/kubectl-secret-data

Source

go get github.com/kskumgk63/kubectl-secret-data
Comments
  • Unable to verify integrity of package

    Unable to verify integrity of package

    Hi @kei6u , we tried out this package and it works very well. Thanks for putting it together. When we install it via krew it states the following in bright red

    WARNING: You installed plugin "secretdata" from the krew-index plugin repository. These plugins are not audited for security by the Krew maintainers. Run them at your own risk.

    This is a problem for us. I wonder if there is any way to begin performing security auditing on the plugin? This way more people may have confidence in using it...

    Again, thanks for putting the project together. Please don't take this as a criticism. It is just a concern when we are dealing with sensitive data.

  • Can't get json output for all namespace

    Can't get json output for all namespace

    Hi there,

    I've installed the secretdata successfully. However, when I run the first command, it failed. Could you please have a look? Thank you.

    kubectl secretdata -A -o json
    panic: interface conversion: interface {} is nil, not map[string]interface {}
    
    goroutine 1 [running]:
    main.getSecretData({0x1aceb70, 0xc0001beac0})
            /home/runner/work/kubectl-secretdata/kubectl-secretdata/options.go:216 +0x368
    main.(*Options).Run(0xc0002420c0, {0x1b19d40, 0xc00069cd00})
            /home/runner/work/kubectl-secretdata/kubectl-secretdata/options.go:169 +0xf6
    main.NewCmd.func1(0xc000344500, {0xc000705170, 0x3, 0x3})
            /home/runner/work/kubectl-secretdata/kubectl-secretdata/options.go:70 +0x68
    github.com/spf13/cobra.(*Command).execute(0xc000344500, {0xc000138050, 0x3, 0x3})
            /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x5f8
    github.com/spf13/cobra.(*Command).ExecuteC(0xc000344500)
            /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x3bc
    github.com/spf13/cobra.(*Command).Execute(...)
            /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
    main.main()
            /home/runner/work/kubectl-secretdata/kubectl-secretdata/main.go:9 +0x1e
    
  • v1 release

    v1 release

    • Add goreleaser to GitHub Actions.
    • Refactor the whole of source code to simplify logic and implement unit tests.
    • Support flags from kubectl options.
    • Support --selector, -l flag to filter secrets.
    • Enhance the command help.
  • Fix a command option name to be consistent with kubectl

    Fix a command option name to be consistent with kubectl

    kubectl-secret-data has a option --all-namespace, but it should be --all-namespaces because it is more consistent with kubectl. The difference of trailing "s" might confuse users who are used to the kubectl.

    kubectl uses --all-namespaces like below:

    $ kubectl get -h | grep all-namespace
     Prints a table of the most important information about the specified resources. You can filter the list using a label selector and the --selector flag. If the desired resource type is namespaced you will only see results in your current namespace unless you pass --all-namespaces.
      -A, --all-namespaces=false: If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
    
  • Add `--multi-namespaes` `-m` flags for compatibility of `kubectl`

    Add `--multi-namespaes` `-m` flags for compatibility of `kubectl`

    Why

    -n flag accepts multiple namespaces, but it break the kubectl compatibility.

    What

    I added multi-namespaces -m flags to support finding secret data from multiple namespaces and prioritize the kubectl compatibility.

    I updated docs according to this change.

kubectl-fzf provides a fast and powerful fzf autocompletion for kubectl
kubectl-fzf provides a fast and powerful fzf autocompletion for kubectl

Kubectl-fzf kubectl-fzf provides a fast and powerful fzf autocompletion for kubectl. Table of Contents Kubectl-fzf Table of Contents Features Requirem

Nov 3, 2021
Kubectl golang - kubectl krew template repo

kubectl krew template repo There's a lot of scaffolding needed to set up a good

Jan 11, 2022
Kubectl Locality Plugin - A plugin to get the locality of pods

Kubectl Locality Plugin - A plugin to get the locality of pods

Nov 18, 2021
Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark
Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark

ksniff A kubectl plugin that utilize tcpdump and Wireshark to start a remote capture on any pod in your Kubernetes cluster. You get the full power of

Jan 4, 2023
kubectl plugin for signing Kubernetes manifest YAML files with sigstore
kubectl plugin for signing Kubernetes manifest YAML files with sigstore

k8s-manifest-sigstore kubectl plugin for signing Kubernetes manifest YAML files with sigstore ⚠️ Still under developement, not ready for production us

Nov 28, 2022
A 'kubectl' plugin for interacting with Clusternet.

kubectl-clusternet A kubectl plugin for interacting with Clusternet. Installation Install With Krew kubectl-clusternet can be installed using Krew, pl

Aug 14, 2022
Kubectl plugin to run curl commands against kubernetes pods

kubectl-curl Kubectl plugin to run curl commands against kubernetes pods Motivation Sending http requests to kubernetes pods is unnecessarily complica

Dec 22, 2022
A kubectl plugin for getting endoflife information about your cluster.
A kubectl plugin for getting endoflife information about your cluster.

kubectl-endoflife A kubectl plugin that checks your clusters for component compatibility and Kubernetes version end of life. This plugin is meant to a

Jul 21, 2022
A kubectl plugin to evict pods

kubectl-evict A kubectl plugin to evict pods. This plugin is good to remove a pod from your cluster or to test your PodDistruptionBudget. ?? Installat

Dec 7, 2022
kubectl plugin for generating nginx-ingress compatible basic-auth secrets on kubernetes clusters

kubectl-htpasswd kubectl plugin for easily generating hashed basic auth secrets. Supported hash algorithms bcrypt Examples Create the secret on the cl

Jul 17, 2022
🦥 kubectl plugin to easy to view pod

kubectl-lazy Install curl -sSL https://mirror.ghproxy.com/https://raw.githubusercontent.com/togettoyou/kubectl-lazy/main/install.sh | bash Or you can

Oct 13, 2022
A kubectl plugin to query multiple namespace at the same time.

kubemulti A kubectl plugin to query multiple namespace at the same time. $ kubemulti get pods -n cdi -n default NAMESPACE NAME

Mar 1, 2022
A very simple, silly little kubectl plugin / utility that guesses which language an application running in a kubernetes pod was written in.

A very simple, silly little kubectl plugin / utility that guesses which language an application running in a kubernetes pod was written in.

Mar 9, 2022
Kubectl plugin shows pod x node matrix with suitable colors to mitigate troubleshooting effort.

kubectl-pod-node-matrix WORK IN PROGRESS!! This plugin shows pod x node matrix with suitable colors to mitigate troubleshooting effort. Details Troubl

May 11, 2022
A kubectl plugin for easier query and operate k8s cluster.
A kubectl plugin for easier query and operate k8s cluster.

kube-query A kubectl plug-in that makes it easier to query and manipulate K8S clusters. (what is kubectl plug-in ?) Kube-query support some resource s

Jun 9, 2022
Mattermost outline plugin allows you to search your teams documents.
Mattermost outline plugin allows you to search your teams documents.

mattermost-plugin-outline Mattermost Outline plugin allows you to search your teams documents. Installation In Mattermost 5.16 and later, this plugin

Dec 7, 2022
colorizes kubectl output
colorizes kubectl output

kubecolor Colorize your kubectl output get pods describe pods something wrong You can change color theme for light-backgrounded environment What's thi

Jan 8, 2023
kubetnl tunnels TCP connections from within a Kubernetes cluster to a cluster-external endpoint, e.g. to your local machine. (the perfect complement to kubectl port-forward)

kubetnl kubetnl (kube tunnel) is a command line utility to tunnel TCP connections from within a Kubernetes to a cluster-external endpoint, e.g. to you

Dec 16, 2022
This is kubectl-plugins repository
This is kubectl-plugins repository

golang CLI Template golang project template for building CLI Setup Setup by Command git clone https://github.com/mpppk/cli-template your_awesome_tool

Dec 20, 2021