How to edit secrets in kubernetes nicely?

Question

I'd like to edit my secrets. The only way I'm aware of is kubectl edit secret mysecret which gets me yaml blob to edit. However, all secrets are base64 encoded which isn't an easy way to edit them.

Can I mount secrets to local volume somehow? Can I extract secrets to my localhost and edit them there? And lastly, can I edit some way to get plaintext keys/values (or just one key) instead of base64 encoded values.

P.S. Can I see secret keys easily with kubectl? With edit I see them, but when I'm only interested in keys, not the values.

Answer 1

I would highly recommend on using k9s (not only for this purpose, but also as a lightweight k8s CLI management tool).

As you can see below (ignore all white placeholders), when your cluster's context is set on terminal you just type k9s and you will hit a nice terminal where you can inspect all cluster resources.

Just type ":" and enter the resource name (secrets in this case) which will appear in the middle of screen.

Then you can choose a secret with the up and down arrows and type e to edit it (green arrow):

Answer 2

We use https://github.com/bq/k8s-secret-editor - it works great! It's a little behind but I've been using with Kubernetes 1.8 without issue.

Answer 3

Unfortunately no, the problem you describe is something you just have to deal with "on the side" by decoding/encoding base64 content on your own.

There are ways to simplify this by using templating for resources (ie. via helm charts), but that involves storing the raw secret in some other way and just applying changes from "source" rather then do an edit.