Kubernetes CLI plugin to decode Kubernetes secrets
License: MIT License
Hi, I'm Jonas. I like ๐ง and ๐.
Currently, I work @Snowflake in the Platform team. In my spare time I ๐จโ๐ป stuff mostly in Go and contribute to all things Kubernetes.
You can follow me on GitHub (obviously), Twitter or bookmark my personal website ๐.
Command kubectl view-secret secret-name -a prints the secret keys and their values per line, delimited by = which makes it shell compatible but not always
so secret keys with multiline values or special characters are printed as is, which makes it impossible to always run source <(kubectl view-secret cluster-configs -a)
escaping will bring us the advantage of directly declaring them in shell as well
Investigate how changing the encoding from URLEncoding to StdEncoding affects the various types of secrets
Hi, thanks for the plugin. I would like to check, is there any rational for the trimSpaces? Can we remove it ?
https://github.com/elsesiy/kubectl-view-secret/blob/v0.12.0/pkg/cmd/view-secret.go#L178
Hi. I see that this plugin has apple m1 support by #21
But installation fails:
โฏ kubectl krew install view-secret
Updated the local copy of plugin index.
Installing plugin: view-secret
W0523 02:17:40.791955 47529 install.go:164] failed to install plugin "view-secret": plugin "view-secret" does not offer installation for this platform
F0523 02:17:40.792015 47529 root.go:79] failed to install some plugins: [view-secret]: plugin "view-secret" does not offer installation for this platform
โฏ kubectl krew info view-secret
NAME: view-secret
INDEX: default
VERSION: v0.8.0
HOMEPAGE: https://github.com/elsesiy/kubectl-view-secret
DESCRIPTION:
Base64 decode by key or all key/value pairs in a given secret.
...
It would be great if the user could just kubectl view-secret <Tab><Tab> to get a list of secrets as completion suggestions.
Depends on kubernetes/kubernetes#74178
As inquiried in #4, the plugin should support setting a custom context.
Update to latest go toolchain
Please add binaries for new M1 Apple silicon.
$ kubectl view-secret default-token-5pgsw
Error: unknown command "view-secret" for "kubectl"
Run 'kubectl --help' for usage.
$ kubectl view secret default-token-5pgsw
Multiple sub keys found. Specify another argument, one of:
-> ca.crt
-> namespace
-> token
$ kubectl version --short
Client Version: v1.16.2
Are you sure the command is view-secret?
Update go toolchain and dependencies
Travis changes their OSS policy, see https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing.
Hence, migration to GitHub Actions is in order
Update go toolchain and dependencies
When decoding a secret, view-secret should not add a newline, as this changes the content in the secret. For example, when storing a password, it makes a difference if the string is my-password or my-password\n
See
kubectl-view-secret/pkg/cmd/view-secret.go
Line 120 in f4fac7a
Also, when decoding all key/value pairs in a secret, it would be nice to separate those visually by an extra newline between the entries.
There are cases in which a secret is empty which currently panics
Hey!
I have created an AUR package of the binary of the plugin https://aur.archlinux.org/packages/kubectl-view-secret-bin. If you want to add it to the readme feel free!
Update go toolchain and dependencies
I'm almost always using view-secret with this command:
kubectl view-secret <name> --all | sort | grep "\S"that is because the view-secret output has empty lines and keeps keys unordered.
I hope we can support sort keys and without empty lines as default for better usability and portability(like windows support).
Update to latest go version & rev dependencies
Adding support for impersonation of groups by passing --as-group through to kubectl exec/get secret cli. We use impersonation as cluster-admins to elevate access to cluster secrets and cluster exec, kubectl supports this with the --as-group flag and supporting this in view-secret makes this much easier to utilize with kubernetes RBAC.
kubectl view-secret --as=pratikkumar.mohite --as-group=system:masters default-secret
Error: unknown flag: --as-groupFor simple type de-serialization from JSON, there's a few libraries that perform a lot better than stdlib. While there's the caveat of a new external dependency, the anticipated performance gains especially for large secret objects outweigh the costs IMO
As inquired in #10 the plugin should be able to pass through a user-provided kubeconfig file
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.