kubectl vs k9s
kubectl — secrets are base64-encoded (not encrypted, just for binary-safe storage)k9s — auto-decodes base64, use :secrets to browse
List secrets
kubectl get secrets -n <namespace>
kubectl get secrets --all-namespaces | grep <name>
Decode a specific key
kubectl get secret <name> -o jsonpath='{.data.password}' | base64 --decode && echo
Decode all keys at once
kubectl get secret <name> -o json | jq '.data | map_values(@base64d)'
Set default namespace
kubectl config set-context --current --namespace=ev
# verify
kubectl config view --minify | grep namespace
Check permissions
kubectl auth can-i get secrets -n <namespace>
See also
- k9s — browse secrets interactively with auto base64 decode
- dev-setup — kubeconfig and context setup