How to Get Secret Decoded in Kubernetes

Kubernetes is an open-source container deployment system that runs containerized applications inside the Kubernetes cluster. In application deployment, the secrets are one of the essential resources of Kubernetes. It is utilized to store critical or confidential information like usernames and passwords, API keys, certificates, or tokens. It saves the user from providing critical information in code. The Kubernetes secret does not store data directly, it first transforms data into another form and then stores it in Kubernetes resource.

This article will illustrate:

How to Create a Kubernetes Secret?

Different types of secrets exist in Kubernetes the generic secret is utilized to store generic information like user credentials and tokens, the TLS secret is used to store tls certificate and key, and the docker registry secret stores the Docker login credentials.

For demonstration, we will create a generic secret to store username and password in the below instructions.

Step 1: Start Cluster

First, start the Kubernetes cluster. To do so, simply use the “minikube start” command:

minikube start -p multinode

In the above command, we are starting our multinode minikube cluster:

Step 2: Create Credential File

Next, create two text files named “username.txt” and “password.txt” to save the username and password respectively.

Step 3: Create Secret

Next, navigate to the directory where you have created credential files:

cd C:\Users\Dell\Documents\Kubernetes\Secret

Create a new secret using the “kubectl create secret <secret-type> <secret-name>” command. Here, the “–from-file” option is used to save the secret data from the file:

kubectl create secret generic demo-secret --from-file=username=username.txt --from-file=password=password.txt

Step 4: Get Secret

For verification, list down the secret using the below command

kubectl get secret

The output indicates that a new secret is created successfully:

How to Get Decoded Secret in Kubernetes?

Sometimes users may be required to view the secret information for different reasons such as for debugging purposes, viewing credential information for confirmation, and many more. To get the decoded secret in Kubernetes, follow the demonstration below.

Step 1: Describe Secret

The “kubectl describe” displays the detailed summary of the kubernetes resource. To view the secret details, utilize the “kubectl describe secret <secret-name>” command:

kubectl describe secret demo-secret

Here, the above command shows secret data size only in bytes but does not expose the secret information as shown below:

Step 2: Get Secret Data in Json Format

To get the secret data in json format, use the below command:

kubectl get secret demo-secret -o jsonpath='{.data}'

The below result shows the secret data encoded in base64:

To view the secret, the user needs to decode the secret. To decode the secret from base64 to real form, the user needs to have a bash terminal to run the bash command. To install the bash terminal, follow the “Add Git Bash to Windows Terminal” article.

Step 3: Decode the Secret

To decode the secret, first launch the “git bash” terminal. After that, run the “echo <base64 encoded username> | base64 –decode” command. This command can be directly executed on Linux and Mac terminals:

echo 'TGludXhoaW50' | base64 --decode

Here, we have decoded the username:

To decode the password, use the “echo <base64 encoded password> | base64 –decode” command:

echo 'TGludXhoaW50QDEyMw==' | base64 --decode

How to Get Decoded Secret Using View-Secret Package?

The Kubernetes users can decode the secret using different packages and the “view-secret” package is one of them that can be installed and easily used through one of the Kubernetes-supported plugins “Krew”. To install and use the “view-secret” package, follow the below demonstration:

Prerequisite: Install the Krew Plugin

The Krew plugin is one of the Kubernetes plugins that can be used to install different packages to provide extra functionalities to Kubernetes resources. To install the krew on the system, go through the below steps.

Step 1: Download “krew.exe” File

First, navigate to the krew releases official page and download the “krew.exe” file:


By default, krew will be downloaded in the “Downloads” folder:

Step 2: Launch the Command Prompt

Open the Command Prompt with administrative rights via the “Startup” menu:

Step 3: Install Krew

Navigate to the directory where the “krew.exe” file is downloaded:

cd C:\Users\Dell\Downloads

Next, use the below command to install krew on Windows:

.\krew install krew

The above command will install the krew in the user directory “C:\Users\<User-name>\.krew\bin”:

Step 4: Add Krew to Windows Path

To access the Krew commands from the Windows command line, users are required to add krew in the Windows path. To do so, search for “Environment variable” in the Start menu and launch the below-highlighted settings:

From the “Advanced” tab, open the “Environment Variables” settings:

Select the “Path” variable and press the “Edit” button:

Press the “New” button to add a path, paste the “C:\Users\<User-name>\.krew\bin” path, and press the “OK” button:

Step 5: Verification

Now, close all the Windows terminals and launch the Command Prompt or PowerShell. Then, run the below command to check if krew is installed or not:

kubectl krew

The output shows that we have successfully installed krew on the system:

Decode the Kubernetes Secret Using the View-Secret Package

To decode the secret using the view-secret package, first install the secret using krew. After that, use the “kubectl view-secret <secret-name>” command to decode the secret. For illustration, look at the below steps.

Step 1: Install View-Secret Package

To install the view-secret package, utilize the Kubectl krew plugin as shown below:

kubectl krew install view-secret

You can see we have installed the view-secret package. Ignore the below-shown warning as well:

Step 2: View Kubernetes Secret

Next, to view the Kubernetes decoded secret, utilize the “kubectl view-secret <secret-name>” command:

kubectl view-secret demo-secret

Here, the output shows the current secret contains two variables. To view the decoded value, the user needs to specify the variable name as well in the command:

Step 3: Decode the Secret

To decode the secret value, utilize the “kubectl view-secret <secret-name> <variable-name>” command:

kubectl view-secret demo-secret username

Here, we have decoded the username:

By changing the variable name in the above command, we have accessed the password as shown below:

kubectl view-secret demo-secret password

That is all about getting a decoded secret in Kubernetes.


To get the decoded secret in Kubernetes, first access the secret data in json format through the “kubectl get secret” command. This command will show secret data encoded in base64. To decode the data, use the “echo <base64 encoded data> | base64 –decode” command. Alternatively, the user can view the decoded secret by using the “view-secret” package. This blog has illustrated how to get decoded secrets in Kubernetes.

About the author

Rafia Zafar

I am graduated in computer science. I am a junior technical author here and passionate about Programming and learning new technologies. I have worked in JAVA, HTML 5, CSS3, Bootstrap, and PHP.