Get Kubernetes Secrets With kubectl

In Kubernetes, a Secret is an object that stores sensitive data, such as a password, a token, or an access key, as key-value pairs for containers to use.

The short answer

To display the detailed list of Secrets stored in the Kubernetes cluster, including their name, type, number of data values, and age, you can use the following command:

 $ kubectl get secrets

Which will output something similar to this:

 NAME          TYPE     DATA   AGE
 test-secret   Opaque   2      3m41s
 warp-secret   Opaque   2      7s

Where:

  • [.inline-code]NAME[.inline-code] is the unique name of the Secret.
  • [.inline-code]TYPE[.inline-code] is the built-in type of the Secret like [.inline-code]Opaque[.inline-code], [.inline-code]kubernetes.io/ssh-auth[.inline-code] etc.
  • [.inline-code]DATA[.inline-code] is the number of data values the Secret contains.
  • [.inline-code]AGE[.inline-code] is the time elapsed since the Secret was created.

If you want to learn more about Secrets, you can read our article on how to create a Secret in Kubernetes with kubectl.

[#easily-recall-with-ai] Easily retrieve this command using Warp’s AI Command Suggestions [#easily-recall-with-ai]

If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Suggestions feature:

Entering [.inline-code]k8s get secrets options[.inline-code] in the AI Command Suggestions will produce a list of [.inline-code]kubectl[.inline-code] commands that can then quickly be inserted into your shell by pressing [.inline-code]CMD+ENTER[.inline-code].

[#list-secrets-in-yaml-or-json] Listing secrets in the YAML and JSON formats [#list-secrets-in-yaml-or-json]

By default, the output format of the [.inline-code]kubectl get secrets[.inline-code] command is a table. However, you can specify other formats, such as YAML or JSON using the [.inline-code]-o[.inline-code] flag (short for [.inline-code]--output[.inline-code]):

 $ kubectl get secrets -o <output_format>

Where:

  • [.inline-code]output_format[.inline-code] is one of [.inline-code]yaml[.inline-code] or [.inline-code]json[.inline-code].

For example, the following command will output comprehensive details about all the Secrets in the YAML format:

 $ kubectl get secrets -o yaml

[#list-secrets-by-name] Listing Secrets by name [#list-secrets-by-name]

To list one or more Secrets by name in your Kubernetes cluster, you can use the [.inline-code]kubectl get secrets[.inline-code] command as follows:

 $ kubectl get secrets <secret_name …>

Where:

  • [.inline-code]secret_name…[.inline-code] is a list of Secret names separated by a space character.

For example, the following command will output a table of information about the Secrets named [.inline-code]mysecret1[.inline-code] and [.inline-code]mysecret2[.inline-code]:

 $ kubectl get secrets mysecret1 mysecret2

[#list-secrets-by-label] Listing Secrets by label [#list-secrets-by-label]

Labels are key-value pairs attached to the Kubernetes objects that organize resources based on specific criteria.

To list Secrets based on a specific label, you can use the [.inline-code]kubectl get secrets[.inline-code] command with the [.inline-code]-l[.inline-code] flag (short for [.inline-code]--selector[.inline-code]):

 $ kubectl get secrets -l <label>=<value>

Where:

  • [.inline-code]label[.inline-code] is the key of the label.
  • [.inline-code]value[.inline-code] is the value associated with the label.

For example, the following command will display all the Secrets labeled [.inline-code]app=myapp[.inline-code]:

 $ kubectl get secrets -l app=myapp

[#list-all-secrets-labels] Listing the labels of all Secrets [#list-all-secrets-labels]

To view the labels associated with all the Secrets at once, you can use the [.inline-code]kubectl get secrets[.inline-code] command with the [.inline-code]--show-labels[.inline-code] flag:

 $ kubectl get secrets --show-labels

Upon execution, the above command will output an additional column showing any labels associated with secrets.

[#list-secrets-by-type] Listing Secrets by type [#list-secrets-by-type]

To list Secrets based on a specific type, you can use the [.inline-code]kubectl get secrets[.inline-code] command with the [.inline-code]--field-selector[.inline-code] flag:

 $ kubectl get secrets --field-selector=<field_name>=<field_value>

Where:

  • The [.inline-code]field_name[.inline-code] is a JSONPath expression used for selecting a specific field.
  • The [.inline-code]field_value[.inline-code] is the value for the specified field.

For example, this command will filter and display the list of all Secrets with type [.inline-code]Opaque[.inline-code]:

 $ kubectl get secrets --field-selector=type=Opaque

And this command will get the list of TLS Secrets by selecting the type [.inline-code]kubernetes.io/tls[.inline-code]:

 $ kubectl get secrets --field-selector type=kubernetes.io/tls

[#list-secrets-by-namespace] Listing Secrets by namespace [#list-secrets-by-namespace]

In Kubernetes, namespaces provide a logical way to separate resources within an application. 

To list all the Secrets in a specified namespace, you can use the [.inline-code]kubectl get secrets[.inline-code] command with the [.inline-code]-n[.inline-code] flag (short for [.inline-code]--namespace[.inline-code]) as follows: 

 $ kubectl get secrets -n <namespace>

For example, this command will list all the Secrets in the [.inline-code]my-namespace[.inline-code] namespace:

 $ kubectl get secrets -n my-namespace

[#list-secrets-by-namespace] Listing Secrets in all namespaces [#list-secrets-by-namespace]

To list Secrets across all namespaces, you can use the [.inline-code]kubectl get secrets[.inline-code] command with the [.inline-code]--all-namespaces[.inline-code] flag:

 $ kubectl get secrets --all-namespaces

[#extract-secrets-information] Extracting Secrets information [#extract-secrets-information]

To output specific field values of Secrets, you can use the [.inline-code]kubectl get secrets[.inline-code] command with the [.inline-code]-o[.inline-code] flag combined with a JSONPath expression as follows:

 $ kubectl get secrets -o jsonpath="<expression>"

Where:

  • [.inline-code]expression[.inline-code] is a JSONPath expression.

For example, this command will extract the key-value pairs of the labels assigned to each Secret:

 $ kubectl get secrets -o=jsonpath="{.items[*].metadata.labels}"

Where:

  • [.inline-code].items[*][.inline-code] iterates over each Secret in the list.
  • [.inline-code].metadata[.inline-code] specifies the Secret metadata.
  • [.inline-code]labels[.inline-code] retrieves the labels (key-value pairs) from the metadata information.

[#decode-secrets-values] Decoding the values of Secrets [#decode-secrets-values]

The data values of Secret objects are encoded in Base64. Base64 is an encoding, not encryption: it lets a Secret carry arbitrary binary data, but anyone who can read the Secret object can decode its contents.

To decode and retrieve a specific value, you can use the [.inline-code]kubectl get secrets[.inline-code] command as follows:

 $ kubectl get secrets <secret_name> -o jsonpath='{.data.<field_name>}' | base64 -d

Where:

  • The [.inline-code]secret_name[.inline-code] is the name of a specific Secret.
  • The [.inline-code]field_name[.inline-code] is the field name for which you want to get the value using the JSONPath expression.
  • The [.inline-code]|[.inline-code] is a pipe symbol that redirects the output of one command to the input of another command.
  • The [.inline-code]base64[.inline-code] is a command that encodes or decodes data using the Base64 algorithm.
  • The [.inline-code]-d[.inline-code] is an option used with [.inline-code]base64[.inline-code] command for decoding the input data.

For example, this command will fetch the Secret object [.inline-code]mysecret[.inline-code], extract the [.inline-code]username[.inline-code] value from it and decode it from Base64 to plain text:

 $ kubectl get secrets mysecret -o jsonpath='{.data.username}' | base64 -d
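
Because Base64 is reversible and a decoded value ends up in terminal scrollback, it is often enough to check a value's size and hash instead of printing it. The script below is an added example, not part of the original article: it reads one [.inline-code]key=base64value[.inline-code] line per field and reports each field without showing its plaintext. The [.inline-code]go-template[.inline-code] invocation in its comment, the function names, and the sample listing are assumptions constructed for this illustration.

```shell
#!/usr/bin/env bash
# Added example: summarize Secret fields without printing their plaintext.
# Input is one "key=base64value" line per field, as produced by e.g.:
#   kubectl get secret mysecret \
#     -o go-template='{{range $k, $v := .data}}{{$k}}={{$v}}{{"\n"}}{{end}}'

# Constructed sample standing in for that kubectl output (not real data).
SAMPLE_FIELDS='username=YWRtaW4=
password=cGFzc3dvcmQ=
broken=%%%not-base64%%%'

# Hash stdin with whichever SHA-256 tool is installed (Linux or macOS).
sha256_hex() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum | cut -d' ' -f1
  else shasum -a 256 | cut -d' ' -f1; fi
}

# Decode through a pipe so the plaintext never lands in a shell variable
# (command substitution would also strip trailing newlines and NUL bytes).
b64_decode() { printf '%s' "$1" | base64 --decode 2>/dev/null; }

# Print "key bytes=<n> sha256=<12 hex>" per field; return 1 on invalid Base64.
summarize_fields() {
  local line key b64 bytes digest status=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    key=${line%%=*}   # text before the first "="
    b64=${line#*=}    # everything after it, "=" padding included
    if ! b64_decode "$b64" >/dev/null; then
      printf '%s INVALID\n' "$key"; status=1; continue
    fi
    bytes=$(( $(b64_decode "$b64" | wc -c) ))
    digest=$(b64_decode "$b64" | sha256_hex | cut -c1-12)
    printf '%s bytes=%s sha256=%s\n' "$key" "$bytes" "$digest"
  done
  return "$status"
}

# Succeed when field "$1" (listing on stdin) decodes to a value with SHA-256 "$2".
field_matches() {
  local line
  while IFS= read -r line; do
    [ "${line%%=*}" = "$1" ] || continue
    [ "$(b64_decode "${line#*=}" | sha256_hex)" = "$2" ] && return 0
  done
  return 1
}

printf '%s\n' "$SAMPLE_FIELDS" | summarize_fields || true
```

The key and value are split with parameter expansion rather than [.inline-code]IFS='=' read[.inline-code], because [.inline-code]read[.inline-code] can drop the trailing [.inline-code]=[.inline-code] padding of a Base64 value.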

[#sort-the-secrets-list] Sorting the output of the [.inline-code]kubectl get secrets[.inline-code] command [#sort-the-secrets-list]

To sort the output of the [.inline-code]kubectl get secrets[.inline-code] command based on a specific field, you can use the [.inline-code]kubectl get secrets[.inline-code] command with the [.inline-code]--sort-by[.inline-code] flag:

 $ kubectl get secrets --sort-by=<expression>

Where:

  • [.inline-code]expression[.inline-code] is a JSONPath expression.

For example, this command will display the list of all Secrets sorted by their names in ascending order:

 $ kubectl get secrets --sort-by=.metadata.name

[#customize-the-secrets-list] Customizing the output of the [.inline-code]kubectl get secrets[.inline-code] command [#customize-the-secrets-list]

To customize the output columns of the [.inline-code]kubectl get secrets[.inline-code] command, you can use the [.inline-code]kubectl get secrets[.inline-code] command with the [.inline-code]-o custom-columns[.inline-code] flag:

 $ kubectl get secrets -o custom-columns=<custom_column_name>:<expression>

Where:

  • [.inline-code]custom_column_name[.inline-code] is the name you want to assign to a column.
  • [.inline-code]expression[.inline-code] is a JSONPath expression.

For example, this command will only output the [.inline-code]NAME[.inline-code] and [.inline-code]TYPE[.inline-code] columns populated with the values of the [.inline-code]metadata.name[.inline-code] and [.inline-code]type[.inline-code] properties:

 $ kubectl get secrets -o custom-columns='NAME:.metadata.name,TYPE:type'

Note that if specifying custom-columns becomes lengthy or if you plan to reuse the same column configurations frequently, you can opt for a template file as follows:

 $ kubectl get secrets -o custom-columns-file=./myTemplate.txt

Where the [.inline-code]myTemplate.txt[.inline-code] file has the following content:

 NAME             TYPE
 .metadata.name   type

[#describe-secrets] Describing secrets with additional information [#describe-secrets]

To display additional information about the secrets, you can use the [.inline-code]kubectl describe secrets[.inline-code] command as follows:

 $ kubectl describe secrets <secret_name …>

Where:

  • [.inline-code]secret_name …[.inline-code] is a list of Secret names separated by a space character.

For example, this command will output details about the [.inline-code]mysecret1[.inline-code] and [.inline-code]mysecret2[.inline-code] Secrets, such as their associated labels, annotations, type, data size, and more:

 $ kubectl describe secrets mysecret1 mysecret2

To output details about all secrets in the cluster, execute the following command without specifying secret names:

 $ kubectl describe secrets