ksec is an easy-to-use tool to find, sort and decode your Kubernetes secrets. It supports Helm versioning. No crazy combination of grep/yq/base64 anymore.
Set up your $GOPATH, then run:
go get github.com/mathieumailhos/ksec
ksec [OPTIONS] <secret> [KEY]
This example retrieves the latest deployed secret that contains mysql and find all data keys with pass:
$ ksec mysql pass
DATA_DB_MYSQL_PASSWORD: r4nd0mP4ss
USER_DB_MYSQL_PASSWORD: pa$$w0rd123
--namespace <namespace name>
--label <kubernetes label>
--selector <kubernetes selector>
--type <secret type (ex: Opaque)>
--color
--out [env,yaml,json]
--metadata
Taken an input, here is the ordered list of rules:
- Return if ksec finds an exact match (
my-unique-object) - Return the latest version if the input is versioned (
my-object-5) - Else: return the list of matchs to allow the user to rerun the command
Known issues:
- Fix --color for json output
Potential incoming features:
- Improve argopt (ex: print Usage...)
- Add an option to also print the configmap related to the found secret
- Get all secrets found in a deployment
- Any other idea? Please open an issue