Decoding Kubernetes secrets, without the kubectl gymnastics
Kubernetes stores every Secret value Base64-encoded under the data: key. Reading
one value from the CLI means remembering jsonpath syntax and piping through
base64 -d; reading five values means doing it five times. This tool takes the
whole kubectl get secret -o yaml output (or JSON) and decodes every key in one
paste — stringData entries are shown as-is, and non-text binary values are
flagged instead of shown as garbage.
The Create secret tab works in reverse: enter plain KEY=value
pairs and get a ready-to-apply manifest with correctly encoded values (no trailing-newline
bugs), plus the equivalent kubectl create secret generic one-liner.
Remember: Base64 is not security
Anyone with get secret RBAC permission can decode these values — as this page
demonstrates. Protect real credentials with etcd encryption at rest, least-privilege RBAC,
and tools like Sealed Secrets, SOPS, or External Secrets Operator.