kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

docs: add secure example for getting secret values 

The current example showing how to decode a secret
does it in several steps which is fine but if some level
of security is required will leak the encoded secret
value in the shell history thus making it retrievable.

This patch adds an example on how to retrieve that
value without exposing it.
This commit is contained in:
Samuel Gaist 2022-02-16 13:42:12 +01:00
parent e60da5b72e
commit 73bd4563a8
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
content/en/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
View File

@ -130,6 +130,12 @@ The output is similar to:
Now you can decode the `password` data:
```shell
# This is an example for documentation purposes.
# If you did things this way, the data 'MWYyZDFlMmU2N2Rm' could be stored in
# your shell history.
# Someone with access to you computer could find that remembered command
# and base-64 decode the secret, perhaps without your knowledge.
# It's usually better to combine the steps, as shown later in the page.
echo 'MWYyZDFlMmU2N2Rm' | base64 --decode
```
@ -139,6 +145,15 @@ The output is similar to:
1f2d1e2e67df
```
In order to avoid storing a secret encoded value in your shell history, you can
run the following command:
```shell
kubectl get secret db-user-pass -o jsonpath='{.data.password}' | base64 --decode
```
The output shall be similar as above.
## Clean Up
Delete the Secret you created: