• Modern UX

    Edit and navigate faster in the terminal with Warp's IDE-like input editor.

  • Warp AI

    AI suggests what commands to run and learns from your documentation.

  • Agent Mode

    Delegate tasks to AI and use natural language on the command line.

  • Warp Drive

    Save and share interactive notebooks, workflows, and environment variables.

  • All Features

Get Kubernetes Secrets With kubectl

Thumbnail for Mansi ManhasMansi Manhas

Mansi Manhas

Published: 8/8/2024

About Terminus

In Kubernetes, a Secret is an object that stores sensitive data for containers to use in the form of a key-value pair, such as a password, a token, or an access key. 

The short answer

To display the detailed list of Secrets stored in the Kubernetes cluster, including their name, type, number of data values, and age, you can use the following command:

 $ kubectl get secrets

Run in Warp

Which will output something similar to this:

NAME              TYPE       DATA         AGE
test-secret       Opaque     2            3m41s
warp-secret       Opaque     2            7s

Run in Warp

Where:

  • NAME is the unique name of the Secret.
  • TYPE is the built-in type of the Secret like Opaque, kubernetes.io/ssh-auth etc.
  • DATA is the number of data values the Secret contains.
  • AGE is the time when the Secret was created.

If you want to learn more about Secrets, you can read our article on how to create a Secret in Kubernetes with kubectl

Easily retrieve this command using Warp’s AI Command Suggestions

If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Suggestions feature:

Thumbnail for

Entering k8s get secrets options in the AI Command Suggestions will prompt a list of kubectl commands that can then quickly be inserted into your shell by doing CMD+ENTER.

Listing secrets in the YAML and JSON formats

By default, the output format of the kubectl get secrets command is a table. However, you can specify other formats, such as YAML or JSON using the -o flag (short for --output):

 $ kubectl get secrets -o <output_format>

Run in Warp

Where:

  • output_format is one of yaml or json.

For example, the following command will output comprehensive details about all the Secrets in the YAML format:

 $ kubectl get secrets -o yaml

Run in Warp

Listing Secrets by name

To list one or more Secrets by name in your Kubernetes cluster, you can use the kubectl get secrets command as follows:

 $ kubectl get secrets <secret_name …>

Run in Warp

Where:

  • secret_name… is a list of Secret names separated by a space character.

For example, the following command will output a table of information about the Secrets named mysecret1 and mysecret2:

 $ kubectl get secrets mysecret1 mysecret2

Run in Warp

Listing Secrets by label

Labels are key-value pairs attached to the Kubernetes objects that organize resources based on specific criteria.

To list Secrets based on a specific label, you can use the kubectl get secrets command with the -l flag (short for --label):

 $ kubectl get secrets -l <label>=<value>

Run in Warp

Where:

  • label is the key of the label.
  • value is the value associated with the label.

For example, the following command will display all the Secrets labeled app=myapp:

 $ kubectl get secrets -l app=myapp

Run in Warp

Listing the labels of all Secrets

To view the labels associated with all the secrets at once, you can use the kubectl get secrets command with the --show-label flag:

 $ kubectl get secrets --show-labels

Run in Warp

Upon execution, the above command will output an additional column showing any labels associated with secrets.

Listing Secrets by type

To list Secrets based on a specific type, you can use the kubectl get secrets command with the --field-selector flag:

 $ kubectl get secrets --field-selector=<field_name>=<field_value>

Run in Warp

Where:

  • The field_name is a JSONPath expression used for selecting a specific field.
  • The field_value is the value for the specified field.

For example, this command will filter and display the list of all Secrets with type Opaque :

 $ kubectl get secrets --field-selector=type=Opaque

Run in Warp

And this command will get the list of TLS Secrets via selecting the type kubernetes.io/tls:

 $ kubectl get secrets --field-selector type=kubernetes.io/tls

Run in Warp

Listing Secrets by namespace

In Kubernetes, namespaces provide a logical way to separate resources within an application. 

To list all the Secrets in a specified namespace, you can use the kubectl get secrets command with the -n flag (short for --namespace) as follows: 

 $ kubectl get secrets -n <namespace>

Run in Warp

For example, this command will list all the Secrets in the myNamespace namespace.

 $ kubectl get secrets -n myNamespace

Run in Warp

Listing Secrets in all namespaces

To list Secrets across all namespaces, you can use the kubectl get secrets command with the --all-namespaces flag:

 $ kubectl get secrets --all-namespaces

Run in Warp

Extracting Secrets information

To output specific field values of Secrets, you can use the kubectl get secrets command with the -o flag combined with a JSONPath expression as follows:

 $ kubectl get secrets -o jsonpath="<expression>"

Run in Warp

Where:

  • expression is a JSONPath expression

For example, this command will extract the key-value pairs of each label assigned to the Secret:

 $ kubectl get secrets -o=jsonpath="{.items[*].metadata.labels}"

Run in Warp

Where:

  • .items[*] indicates to iterate over each Secret.
  • .metadata specifies the Secret metadata.
  • labels retrieves the label name from the metadata information.

Decoding the values of Secrets

By default, the data values of Secret objects are encoded in Base64, providing a protective measure to conceal their contents.

To decode and retrieve a specific value, you can use the kubectl get secrets command as follows:

 $ kubectl get secrets <secret_name> -o jsonpath=’{.data.<field_name>}’ | base64 -d

Run in Warp

Where:

  • The secret_name is the name of a specific Secret.
  • The field_name is the field name for which you want to get the value using the JSONPath expression.
  • The | is a pipe symbol that redirects the output of one command to the input of another command.
  • The base64 is a command that encodes or decodes data using the Base64 algorithm.
  • The -d is an option used with base64 command for decoding the input data.

For example, this command will fetch the Secret object mysecret, extract the username value from it and decode it from Base64 to plain text:

 $ kubectl get secrets mysecret -o jsonpath=’{.data.username}’ | base64 -d

Run in Warp

Sorting the output of the kubectl get secrets command

To sort the output of the kubectl get secrets command based on a specific field, you can use the kubectl get secrets command with the --sort-by flag:

 $ kubectl get secrets --sort-by=<expression>

Run in Warp

Where:

  • expression is a JSONPath expression.

For example, this command will display the list of all Secrets sorted by their names in ascending order:

 $ kubectl get secrets --sort-by=.metadata.name

Run in Warp

Customizing the output of the kubectl get secrets command

To customize the output columns of the kubectl get secrets command, you can use the kubectl get secrets command with the -o custom-columns flag:

 $ kubectl get secrets -o custom-columns=<custom_column_name>:<expression>

Run in Warp

Where:

  • custom_column_name is the name you want to assign to a column.
  • expression is a JSONPath expression.

For example, this command will only output the NAME and TYPE columns populated with the values of the metadata.name and type properties:

 $ kubectl get secrets -o custom-columns='NAME:.metadata.name,TYPE:type'

Run in Warp

Note that if specifying custom-columns becomes lengthy or if you plan to reuse the same column configurations frequently, you can opt for a template file as follows:

 $ kubectl get secrets -o custom-columns-file=./myTemplate.txt

Run in Warp

Where the myTemplate.txt file has the following content:

 NAME                 TYPE
.metadata.name  type

Run in Warp

Describing secrets with additional information

To display additional information about the secrets, you can use the kubectl describe secrets command as follows:

 $ kubectl describe secrets <secret_name …>

Run in Warp

Where:

  • secret_name … is a list of Secrets names separated by a space indicator.

For example, this command will output details about the mysecret1 and mysecret2 Secrets, such as their associated labels, annotations, type, data size, and more.

$ kubectl describe secrets mysecret1 mysecret2

Run in Warp

To output details about all secrets in the cluster, execute the following command without specifying secret names:

 $ kubectl describe secrets

Run in Warp

Written by

Thumbnail for Mansi ManhasMansi Manhas

Mansi Manhas

Filed Under

Related Articles

Copy Files From Pod in Kubernetes

Learn how to copy files and directories from within a Kubernetes Pod into the local filesystem using the kubectl command.

Kubernetes
Thumbnail for Razvan LudosanuRazvan Ludosanu

Scale Deployments in Kubernetes

Learn how to manually and automatically scale a Deployment based on CPU usage in Kubernetes using the kubectl-scale and kubectl-autoscale commands.

Kubernetes
Thumbnail for Razvan LudosanuRazvan Ludosanu

Get Kubernetes Logs With kubectl

Learn how to get the logs of pods, containers, deployments, and services in Kubernetes using the kubectl command. Troubleshoot a cluster stuck in CrashloopBackoff, ImagePullBackoff, or Pending error states.

Kubernetes
Thumbnail for Ekene EjikeEkene Ejike

Forward Ports In Kubernetes

Learn how to forward the ports of Kubernetes resources such as Pods and Services using the kubectl port-forward command.

Kubernetes

Tail Logs In Kubernetes

Learn how to tail and monitor Kubernetes logs efficiently to debug, trace, and troubleshoot errors more easily using the kubectl command.

Kubernetes

Get Context In Kubernetes

Learn how to get information about one or more contexts in Kubernetes using the kubectl command.

Kubernetes

Delete Kubernetes Namespaces With kubectl

Learn how to delete one or more namespaces and their related resources in a Kubernetes cluster using the kubectl command.

Kubernetes

List Kubernetes Namespaces With kubectl

Learn how to list, describe, customize, sort and filter namespaces in a Kubernetes cluster by name, label, and more using the kubectl command.

Kubernetes
Thumbnail for Mansi ManhasMansi Manhas

How To List Events With kubectl

Learn how to list and filter events in Kubernetes cluster by namespace, pod name and more using the kubectl command.

Kubernetes
Thumbnail for Mansi ManhasMansi Manhas

Kubernetes vs Docker: The Backbone of Modern Backend Technologies

Lean the fundamentals of the Kubernetes and Docker technologies and how they interplay with each other.

KubernetesDocker
Thumbnail for Gabriel ManricksGabriel Manricks

Set Context With kubectl

Learn how to create, modify, switch, and delete a context in Kubernetes using the kubectl config command.

Kubernetes
Thumbnail for Mansi ManhasMansi Manhas

List Pods With kubectl

Learn how to list and filter Kubernetes Pods by name, namespaces, labels, manifests, and more using the kubectl command.

Kubernetes
Thumbnail for Mansi ManhasMansi Manhas

Trusted by hundreds of thousands of professional developers

Download Warp to get started

Download for Mac
Thumbnail for null