We work a lot with Kubernetes and when you're working with Secrets it can be a total pain to edit them. A standard workflow can be something like.
# Grab the existing secret
kubectl get secret some-secret -o yaml > some-secret.yaml
# Grab the existing secret
kubectl get secret some-secret \
-o jsonpath='{ .data.secret }' \
| base64 -D > thesecert.txt
# Edit the secret
vim thesecret.txt
# Grab the new secret and put it into the secret file
# and apply it to the cluster
cat thesecret.txt | base64 | pbcopy
vim some-secret.yaml # paste in your b64 encoded secret
kubectl apply -f some-secret.yaml
That's not a great user experience and what if you wanted to use kubectl edit?
There's a bit of vim foo you can use to edit the secret in line.
kubectl edit secret some-secret
# navigate to the base64 encoded secret
# place your cursor on the space between the ":"
# and the first character of the secret
# hit `r <enter>` this replaces the space
# with a new line
# move your cursor down one line to the secret
# in the command prompt `:. ! base64 -D`
# Edit your secret
# in the command prompt `:. ! base64`
# if your secret is multiline you can
# use `:<startline>,<endline> ! base64`
# or you can highlight the lines in visual
# mode and use `:! base64`
# Join the lines by moving back up the secret key
# and hitting `J`
# Then write quit `:wq`
# you should see this as output
# `secret/some-secret edited`
And if you want to edit a multiline secret say one that was created from a file. Rather than base64 encoding the current line using :. you can use a range of line numbers :13,84 ! base64 and you will encode all those lines together inclusive of line 84.
edit: added info about multiline secrets
Update
I wanted to add one more tip here - pesky new lines.
If you're editing a secret and you use . ! base64 you will end up with a newline character at the end of your secret. If that's ok... cool if not you can use tr to clean it out
. ! tr -d '\n' | base64
Top comments (15)
Great tip. Didn't know about this 👍🏼
Thanks! Helpful in the CKA(D) too
Yeah totally. I am just on my journey preparing for CKAD
Good luck we are studying for it as a team right now
I am also preparing for CKAD. Please add me in :)
Tip: I have a base64 Vim plugin installed that makes this even easier! Just
kubectl edit...and then encode/decode from within Vim. No other commands needed.The plugin does this under the hood if you checkout the auto load file.
Personally like to avoid plugins if it’s easy enough to learn so I can edit in any environment or on a server without feeling hamstrung
Nice tip.
For a bit more convenience (so you don't have to edit or move the text to a new line):
:help <cword>and:help <cWORD>for more informationFor even more convenience, this can be converted into a reusable function:
Now, you can call it with
:call B64ify()Lastly, you can map this function to a command and/or keybinding for maximum convenience:
This can also be reversed very easily by copying the function and replacing
base64withbase64 -d.Here is a final demo:
The final config:
Nice tip - I love the
<cWORD>approach to a lot of things. One limitation is<cWORD>uses vi's word selection. If my secret is a multiline certificate, the contents of a yaml file, or has special characters this won't work.That's true.
If you want to visually select the text to pass to an external program, by default vim passes whole lines (e.g.
:'<,'> ! base64) , but vis.vim plugin might help (e.g.:'<,'>B ! base64).Can you please tell me about this interactive presentation display you used for showing commands?
Hey, I have been using Terminalizer github.com/faressoft/terminalizer. I also have used asciinema.org/ which does web players rather than gifs.
Thank you!!!
Thats very useful! Thanks for sharing ♥️
Of course thanks for reading