Decoding Kubernetes secret

If you have jq (json query) this works:

kubectl get secret db-user-pass -o json | jq '.data | map_values(@base64d)'

NOTE:

  • db-user-pass is the name of the k8s secret
  • .data is the variable within that contains the secret value

I would suggest using this handy command. It utilizes the power of go-templates. It iterates over all values, decodes them, and prints them along with the key. It also handles unset values.

kubectl get secret name-of-secret -o go-template='
{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'

## In your case it would output
# password: decoded_password
# username: decoded_username

If you don't like go-templates, you can use a different output format, e.g. yaml or json, but that will output the secrets encoded in base64.


You can use kubectl get secrets/db-user-pass -o yaml or -o json where you'll see the base64-encoded username and password. You can then copy the value and decode it with something like echo <ENCODED_VALUE> | base64 -D (Mac OS X).

A more compact one-liner for this:

kubectl get secrets/db-user-pass --template={{.data.password}} | base64 -D

and likewise for the username:

kubectl get secrets/db-user-pass --template={{.data.username}} | base64 -D

Note: on GNU/Linux, the base64 flag is -d, not -D.
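
The same decoding as the commands above, as an added Python example (not code from any of the answers) that also copes with unset values and with values that are not valid UTF-8, such as binary key material. The function name `decode_secret` and the sample manifest are constructed for this illustration.

```python
import base64
import json
import sys

# Constructed sample of `kubectl get secret db-user-pass -o json` output.
# All values are made up: "token" is deliberately not valid UTF-8 and
# "empty" is an unset value.
SAMPLE = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-user-pass"},
    "type": "Opaque",
    "data": {
        "username": base64.b64encode(b"admin").decode(),
        "password": base64.b64encode(b"s3cr3t-example\n").decode(),
        "token": base64.b64encode(b"\xff\xfe\x00\x01").decode(),
        "empty": "",
    },
})


def decode_secret(manifest_json):
    """Return {key: decoded value} for one Secret manifest.

    Text values come back as str; values that are not valid UTF-8 come
    back as bytes, so binary material is never silently mangled.
    """
    manifest = json.loads(manifest_json)
    if manifest.get("kind") != "Secret":
        raise ValueError("expected kind Secret, got %r" % manifest.get("kind"))
    decoded = {}
    # .data can be missing entirely when the secret holds no keys.
    for key, value in (manifest.get("data") or {}).items():
        raw = base64.b64decode(value or "", validate=True)
        try:
            decoded[key] = raw.decode("utf-8")
        except UnicodeDecodeError:
            decoded[key] = raw
    return decoded


if __name__ == "__main__":
    # Decode a manifest piped in on stdin, else fall back to the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for key, value in decode_secret(source).items():
        print("%s: %r" % (key, value))
```

Saved under a name of your choice (for example decode_secret.py), it can be fed with kubectl get secret db-user-pass -o json | python3 decode_secret.py. Printing with %r makes a stray trailing newline in a stored value visible, which plain terminal output hides.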