OpenShift - List Secrets using the oc get secrets command

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

There are different ways to configure a container with environment variables.

A config map contains files, variables, and command line options that can be used by one or more applications, as a way to create separation between applications and the files, variables, and command line options being used by the applications.

Or, a secret can be used, so that the data is encoded (not encrypted).

For example, a config map could contain the variable foo=Hello or a secret could contain foo=V29ybGQ= (which is Hello base 64 encoded), and then one or more pods could use the config map or secret to return Hello from the foo key.

The oc get secrets command can be used the list the secrets in the currently selected project / namespace.

TIP

The -A or --all-namespaces flag can be used to list the secrets in every project / namespace.

The -n or --namespace flag can be used to list the secrets in a certain project / namespace.

oc get secrets

NAME           TYPE                                 DATA      AGE
mysecret1      Opaque                               1         133d
mysecret2      kubernetes.io/tls                    1         133d
mysecret3      kubernetes.io/service-account-token  1         127d

 

The oc get secret command followed by the name of a secret can be used to display an individual secret.

oc get secret mysecret1

NAME           TYPE        DATA      AGE
mysecret1      Opaque      1         133d

 

The -o yaml option can be used to display the contents of the secret. In this example, the secret contains a key named "myKey" and the key contains an encrypted value of "anRwL7VzZ4JpZDxna1F2dpFt9HNw7HZ0cK5wYXlzd29aZD1TTnMjZG75Rwa=".

oc get secret mysecret1 -o yaml

apiVersion: v1
data:
  myKey: anRwL7VzZ4JpZDxna1F2dpFt9HNw7HZ0cK5wYXlzd29aZD1TTnMjZG75Rwa=
kind: Secret
metadata:
  creationTimestamp: "2020-02-03T17:02:04Z"
  name: mysecret1 
  namespace: myProject001
  resourceVersion: "74792019"
  selfLink: /api/v1/namespaces/myProject001/secrets/mysecret1
  uid: e6e760ae-46a6-11aa-9928-005056a39855
type: Opaque

 

The encrypted value can be decrypted using this command, which will return the cleartext secret.

echo "anRwL7VzZ4JpZDxna1F2dpFt9HNw7HZ0cK5wYXlzd29aZD1TTnMjZG75Rwa=" | base64 -d

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter f3df1 in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |