Get K8s secrets
In this guide, I assume the following:
- You have using Amazon Elastic Kubernetes Service (EKS) to manage K8s clusters
- Although the steps to fetch the secrets would be same regardless of the technology behind your K8s clusters
- You have the following CLI tools installed:
- AWS CLI v2 (if you are using EKS)
kubectljq
Here are the steps to fetch secrets from a K8s cluster:
-
Update
kube.configfile with the appropriate cluster name. The<profile-name>would be the name of the local aws profile. If you do not have a specific profile, you may skip it, andawswill pick up thedefaultprofile.aws cli aws --profile <profile-name> eks update-kubeconfig --name <cluster-name> -
Verify if the k8s context was correctly updated. The above command should output the ARN of the EKS cluster
Terminal window kubectl config current-context -
Fetch desired k8s secret and output in the form of JSON
Terminal window kubectl get secret <secret-name> -n <namespace> -o json -
Pass the above output to jq for better deserialization
Terminal window kubectl get secret <secret-name> -n <namespace> -o json | jq -r . -
Pass the encoded secret value to base64 to get the decoded value
Terminal window kubectl get secret <secret-name> -n <namespace> -o json | jq -r ."<key-1>"."<key-2>" | base64 -d