Back
Blog

Editing Kubernetes Secrets Inline

Jul 12, 2020

By Austin Vance

Share:
  • linkedin
  • facebook
  • instagram
  • twitter

We work a lot with Kubernetes and when you're working with Secrets it can be a total pain to edit them. A standard workflow can be something like.

# Grab the existing secret
kubectl get secret some-secret -o yaml > some-secret.yaml

# Grab the existing secret
kubectl get secret some-secret \
  -o jsonpath='{ .data.secret }' \
  | base64 -D > thesecert.txt

# Edit the secret
vim thesecret.txt

# Grab the new secret and put it into the secret file
# and apply it to the cluster
cat thesecret.txt | base64 | pbcopy
vim some-secret.yaml # paste in your b64 encoded secret
kubectl apply -f some-secret.yaml

That's not a great user experience and what if you wanted to use kubectl edit?

There's a bit of vim foo you can use to edit the secret in line.

kubectl edit secret some-secret

# navigate to the base64 encoded secret
# place your cursor on the space between the ":"
# and the first character of the secret
# hit `r <enter>` this replaces the space
# with a new line

# move your cursor down one line to the secret
# in the command prompt `:. ! base64 -D`

# Edit your secret

# in the command prompt `:. ! base64`
# if your secret is multiline you can 
# use `:<startline>,<endline> ! base64`
# or you can highlight the lines in visual
# mode and use `:! base64`

# Join the lines by moving back up the secret key
# and hitting `J`

# Then write quit `:wq`
# you should see this as output
# `secret/some-secret edited`

Editing a secret inline

And if you want to edit a multiline secret say one that was created from a file. Rather than base64 encoding the current line using :. you can use a range of line numbers :13,84 ! base64 and you will encode all those lines together inclusive of line 84.

Update

I wanted to add one more tip here - pesky new lines.

If you're editing a secret and you use . ! base64 you will end up with a newline character at the end of your secret. If that's ok... cool if not you can use tr to clean it out

. ! tr -d '\n' | base64
Back to Explore Focused Lab
/Contact us

Let’s build better software together