A kubectl plugin for finding decoded secret data with productive search flags.

Overview

kubectl-secret-data

What is it?

This is a kubectl plugin for finding decoded secret data. Since kubectl outputs base64-encoded secrets basically, it makes it difficult to check the secret value. And searching secrets also is difficult. This CLI helps checking secret value and finding a decoded secret data you want with productive search flags.

Usage

A kubectl plugin for finding decoded secret data.

Usage:
  kubectl-secret-data [flags]

Flags:
  -A, --all-namespaces            If present, find secrets from all namespaces
      --cluster string            The name of the kubeconfig context to use
      --context string            The name of the kubeconfig cluster to use
  -h, --help                      help for kubectl-secret-data
      --kubeconfig string         Path to the kubeconfig file to use for CLI requests
  -m, --multi-namespaces string   The multi namespacess separated by "," where secrets exist.
  -n, --namespace string          The namespaces where secrets exist
  -o, --output string             The format of the result (default "yaml")
  -E, --regex string              The regular expression of secret name

Example

List all secret data in ns-1 in yaml(default).

kubectl-secret-data -n ns-1
# OR
kubectl-secret-data -n ns-1 -o yaml
Output
ns-1: # Namespace
  - private-data-a: # Secrete Name
      password: lkiugubau # Secret Data Key
      user: smith
  - private-data-b:
      password: hiahgeoawngleawngaw
      user: bob
  - super-private-data-a:
      password: hoge
      user: foo
  - super-private-data-b:
      password: fuga
      user: bar

List all secret data in ns-1 in json.

kubectl-secret-data -n ns-1 -o json
Output
{
  "ns-1": [
    {
      "private-data-a": {
        "password": "lkiugubau",
        "user": "smith"
      }
    },
    {
      "private-data-b": {
        "password": "hiahgeoawngleawngaw",
        "user": "bob"
      }
    },
    {
      "super-private-data-a": {
        "password": "hoge",
        "user": "foo"
      }
    },
    {
      "super-private-data-b": {
        "password": "fuga",
        "user": "bar"
      }
    }
  ]
}

List all secret data in ns-1 and ns-2 in json. You can specify multiple namespace.

kubectl-secret-data -m ns-1,ns-2 -o json
#OR
kubectl-secret-data --multi-namespaces ns-1,ns-2 -o json
Output
{
  "ns-1": [
    {
      "private-data-a": {
        "password": "lkiugubau",
        "user": "smith"
      }
    },
    {
      "private-data-b": {
        "password": "hiahgeoawngleawngaw",
        "user": "bob"
      }
    },
    {
      "super-private-data-a": {
        "password": "hoge",
        "user": "foo"
      }
    },
    {
      "super-private-data-b": {
        "password": "fuga",
        "user": "bar"
      }
    }
  ],
  "ns-2": [
    {
      "important-value-x": {
        "password": "abcd",
        "user": "sam"
      }
    },
    {
      "important-value-y": {
        "password": "xyz",
        "user": "alice"
      }
    }
  ]
}

List secret data by matching regex in ns-1 in json.

kubectl-secret-data -n ns-1 -E "^super-.*"
Output
{
  "ns-1": [
    {
      "super-private-data-a": {
        "password": "hoge",
        "user": "foo"
      }
    },
    {
      "super-private-data-b": {
        "password": "fuga",
        "user": "bar"
      }
    }
  ]
}

Installing

Pre-built binaries

See the release page for the full list of pre-built assets.

Linux

curl -L -o kubectl-secret-data.tar.gz https://github.com/kskumgk63/kubectl-secret-data/releases/download/v0.3.1/kubectl-secret-data_0.3.1_Linux_arm64.tar.gz
tar -xvf kubectl-secret-data.tar.gz
mv kubectl-secret-data /usr/local/bin/kubectl-secret-data

OSX

curl -L -o kubectl-secret-data.tar.gz https://github.com/kskumgk63/kubectl-secret-data/releases/download/v0.3.1/kubectl-secret-data_0.3.1_Darwin_arm64.tar.gz
tar -xvf kubectl-secret-data.tar.gz
mv kubectl-secret-data /usr/local/bin/kubectl-secret-data

Source

go get github.com/kskumgk63/kubectl-secret-data
Issues
  • Unable to verify integrity of package

    Unable to verify integrity of package

    Hi @kei6u , we tried out this package and it works very well. Thanks for putting it together. When we install it via krew it states the following in bright red

    WARNING: You installed plugin "secretdata" from the krew-index plugin repository. These plugins are not audited for security by the Krew maintainers. Run them at your own risk.

    This is a problem for us. I wonder if there is any way to begin performing security auditing on the plugin? This way more people may have confidence in using it...

    Again, thanks for putting the project together. Please don't take this as a criticism. It is just a concern when we are dealing with sensitive data.

    opened by lewismc 3
  • Can't get json output for all namespace

    Can't get json output for all namespace

    Hi there,

    I've installed the secretdata successfully. However, when I run the first command, it failed. Could you please have a look? Thank you.

    kubectl secretdata -A -o json
    panic: interface conversion: interface {} is nil, not map[string]interface {}
    
    goroutine 1 [running]:
    main.getSecretData({0x1aceb70, 0xc0001beac0})
            /home/runner/work/kubectl-secretdata/kubectl-secretdata/options.go:216 +0x368
    main.(*Options).Run(0xc0002420c0, {0x1b19d40, 0xc00069cd00})
            /home/runner/work/kubectl-secretdata/kubectl-secretdata/options.go:169 +0xf6
    main.NewCmd.func1(0xc000344500, {0xc000705170, 0x3, 0x3})
            /home/runner/work/kubectl-secretdata/kubectl-secretdata/options.go:70 +0x68
    github.com/spf13/cobra.(*Command).execute(0xc000344500, {0xc000138050, 0x3, 0x3})
            /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x5f8
    github.com/spf13/cobra.(*Command).ExecuteC(0xc000344500)
            /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x3bc
    github.com/spf13/cobra.(*Command).Execute(...)
            /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
    main.main()
            /home/runner/work/kubectl-secretdata/kubectl-secretdata/main.go:9 +0x1e
    
    opened by zhangxd926 2
  • v1 release

    v1 release

    • Add goreleaser to GitHub Actions.
    • Refactor the whole of source code to simplify logic and implement unit tests.
    • Support flags from kubectl options.
    • Support --selector, -l flag to filter secrets.
    • Enhance the command help.
    opened by keisku 0
  • Fix a command option name to be consistent with kubectl

    Fix a command option name to be consistent with kubectl

    kubectl-secret-data has a option --all-namespace, but it should be --all-namespaces because it is more consistent with kubectl. The difference of trailing "s" might confuse users who are used to the kubectl.

    kubectl uses --all-namespaces like below:

    $ kubectl get -h | grep all-namespace
     Prints a table of the most important information about the specified resources. You can filter the list using a label selector and the --selector flag. If the desired resource type is namespaced you will only see results in your current namespace unless you pass --all-namespaces.
      -A, --all-namespaces=false: If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
    
    opened by hidetatz 0
  • Add `--multi-namespaes` `-m` flags for compatibility of `kubectl`

    Add `--multi-namespaes` `-m` flags for compatibility of `kubectl`

    Why

    -n flag accepts multiple namespaces, but it break the kubectl compatibility.

    What

    I added multi-namespaces -m flags to support finding secret data from multiple namespaces and prioritize the kubectl compatibility.

    I updated docs according to this change.

    opened by keisku 0
Releases(v1.0.6)
Owner
Keisuke Umegaki
Keisuke Umegaki
kubectl-fzf provides a fast and powerful fzf autocompletion for kubectl

Kubectl-fzf kubectl-fzf provides a fast and powerful fzf autocompletion for kubectl. Table of Contents Kubectl-fzf Table of Contents Features Requirem

null 1 Nov 3, 2021
Kubectl golang - kubectl krew template repo

kubectl krew template repo There's a lot of scaffolding needed to set up a good

geodis 0 Jan 11, 2022
Kubectl Locality Plugin - A plugin to get the locality of pods

Kubectl Locality Plugin - A plugin to get the locality of pods

John Howard 6 Nov 18, 2021
Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark

ksniff A kubectl plugin that utilize tcpdump and Wireshark to start a remote capture on any pod in your Kubernetes cluster. You get the full power of

Eldad Rudich 2.3k Jul 30, 2022
kubectl plugin for signing Kubernetes manifest YAML files with sigstore

k8s-manifest-sigstore kubectl plugin for signing Kubernetes manifest YAML files with sigstore ⚠️ Still under developement, not ready for production us

sigstore 37 Jul 1, 2022
A 'kubectl' plugin for interacting with Clusternet.

kubectl-clusternet A kubectl plugin for interacting with Clusternet. Installation Install With Krew kubectl-clusternet can be installed using Krew, pl

Clusternet 11 May 27, 2022
Kubectl plugin to run curl commands against kubernetes pods

kubectl-curl Kubectl plugin to run curl commands against kubernetes pods Motivation Sending http requests to kubernetes pods is unnecessarily complica

Segment 154 Aug 4, 2022
A kubectl plugin for getting endoflife information about your cluster.

kubectl-endoflife A kubectl plugin that checks your clusters for component compatibility and Kubernetes version end of life. This plugin is meant to a

Ross Edman 3 Jul 21, 2022
A kubectl plugin to evict pods

kubectl-evict A kubectl plugin to evict pods. This plugin is good to remove a pod from your cluster or to test your PodDistruptionBudget. ?? Installat

Shin'ya Ueoka 11 Jul 25, 2022
kubectl plugin for generating nginx-ingress compatible basic-auth secrets on kubernetes clusters

kubectl-htpasswd kubectl plugin for easily generating hashed basic auth secrets. Supported hash algorithms bcrypt Examples Create the secret on the cl

Christian Rebischke 16 Jul 17, 2022
🦥 kubectl plugin to easy to view pod

kubectl-lazy Install curl -sSL https://mirror.ghproxy.com/https://raw.githubusercontent.com/togettoyou/kubectl-lazy/main/install.sh | bash Or you can

寻寻觅觅的Gopher 7 Jun 20, 2022
A kubectl plugin to query multiple namespace at the same time.

kubemulti A kubectl plugin to query multiple namespace at the same time. $ kubemulti get pods -n cdi -n default NAMESPACE NAME

R0CKSTAR 3 Mar 1, 2022
A very simple, silly little kubectl plugin / utility that guesses which language an application running in a kubernetes pod was written in.

A very simple, silly little kubectl plugin / utility that guesses which language an application running in a kubernetes pod was written in.

Tom Granot 2 Mar 9, 2022
Kubectl plugin shows pod x node matrix with suitable colors to mitigate troubleshooting effort.

kubectl-pod-node-matrix WORK IN PROGRESS!! This plugin shows pod x node matrix with suitable colors to mitigate troubleshooting effort. Details Troubl

Arda Güçlü 2 May 11, 2022
A kubectl plugin for easier query and operate k8s cluster.

kube-query A kubectl plug-in that makes it easier to query and manipulate K8S clusters. (what is kubectl plug-in ?) Kube-query support some resource s

Shadow-L 14 Jun 9, 2022
Mattermost outline plugin allows you to search your teams documents.

mattermost-plugin-outline Mattermost Outline plugin allows you to search your teams documents. Installation In Mattermost 5.16 and later, this plugin

Lujeni 7 Nov 10, 2021
colorizes kubectl output

kubecolor Colorize your kubectl output get pods describe pods something wrong You can change color theme for light-backgrounded environment What's thi

Hidetatsu Yaginuma 856 Aug 2, 2022
kubetnl tunnels TCP connections from within a Kubernetes cluster to a cluster-external endpoint, e.g. to your local machine. (the perfect complement to kubectl port-forward)

kubetnl kubetnl (kube tunnel) is a command line utility to tunnel TCP connections from within a Kubernetes to a cluster-external endpoint, e.g. to you

null 4 Nov 16, 2021
This is kubectl-plugins repository

golang CLI Template golang project template for building CLI Setup Setup by Command git clone https://github.com/mpppk/cli-template your_awesome_tool

Armin 0 Dec 20, 2021