We work a lot with Kubernetes and when you're working with Secrets
it can be a total pain to edit them. A standard workflow can be something like.
# Grab the existing secret
kubectl get secret some-secret -o yaml > some-secret.yaml
# Grab the existing secret
kubectl get secret some-secret \
-o jsonpath='{ .data.secret }' \
| base64 -D > thesecert.txt
# Edit the secret
vim thesecret.txt
# Grab the new secret and put it into the secret file
# and apply it to the cluster
cat thesecret.txt | base64 | pbcopy
vim some-secret.yaml # paste in your b64 encoded secret
kubectl apply -f some-secret.yaml
That's not a great user experience and what if you wanted to use kubectl edit
?
There's a bit of vim foo you can use to edit the secret in line.
kubectl edit secret some-secret
# navigate to the base64 encoded secret
# place your cursor on the space between the ":"
# and the first character of the secret
# hit `r <enter>` this replaces the space
# with a new line
# move your cursor down one line to the secret
# in the command prompt `:. ! base64 -D`
# Edit your secret
# in the command prompt `:. ! base64`
# if your secret is multiline you can
# use `:<startline>,<endline> ! base64`
# or you can highlight the lines in visual
# mode and use `:! base64`
# Join the lines by moving back up the secret key
# and hitting `J`
# Then write quit `:wq`
# you should see this as output
# `secret/some-secret edited`
And if you want to edit a multiline secret say one that was created from a file. Rather than base64
encoding the current line using :.
you can use a range of line numbers :13,84 ! base64
and you will encode all those lines together inclusive of line 84.
Update
I wanted to add one more tip here - pesky new lines.
If you're editing a secret and you use . ! base64
you will end up with a newline character at the end of your secret. If that's ok... cool if not you can use tr
to clean it out
. ! tr -d '\n' | base64
Back to Explore Focused Lab