k8s-unused-secret-detector
Find unused Kubernetes secrets in your cluster
TLDR
Detect unused secrets
Detect unused secrets in a specific namespace
Delete unused secrets in a specific namespace
SYNOPSIS
k8s-unused-secret-detector
DESCRIPTION
The k8s-unused-secret-detector is a command-line tool designed to identify Kubernetes Secrets within a cluster that are not actively being utilized by any Pods or Deployments.
It automates the process of analyzing the Kubernetes resource definitions to find Secrets and their references within the cluster. The utility searches for all Secrets in all namespaces and then determines if those secrets are actually being used by any resources like pods, deployments, statefulsets, and daemonsets.
The command helps Kubernetes administrators and developers optimize resource utilization by removing unused secrets, which also enhances security by reducing the attack surface and improves compliance. By identifying and removing unused Secrets, organizations can reduce the risk of accidental exposure or misuse of sensitive data.
CAVEATS
The tool might not detect secrets used via external controllers or custom operators if they don't follow standard Kubernetes referencing mechanisms. The detector relies on analyzing YAML/JSON definitions and will not be able to identify secrets used through more obscure methods.
EXAMPLE USAGE
Running the command without any options will analyze all secrets in all namespaces and output a list of unused secrets.
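The reference-matching logic described under DESCRIPTION and CAVEATS, shown as an added Python example that is not the tool's own code. It walks the standard Pod-level referencing mechanisms (env secretKeyRef, envFrom secretRef, secret and projected volumes, imagePullSecrets) over constructed objects shaped like `kubectl get -o json` items; secrets referenced only by a ServiceAccount or an operator would still be reported as unused, which is the caveat above.

```python
def secret_refs(pod_spec):
    """Collect Secret names a Pod spec references through standard mechanisms."""
    names = set()
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        for e in c.get("env", []):
            ref = e.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                names.add(ref["name"])
        for ef in c.get("envFrom", []):
            if "secretRef" in ef:
                names.add(ef["secretRef"]["name"])
    for v in pod_spec.get("volumes", []):
        if "secret" in v:
            names.add(v["secret"]["secretName"])
        for src in v.get("projected", {}).get("sources", []):
            if "secret" in src:
                names.add(src["secret"]["name"])
    for ips in pod_spec.get("imagePullSecrets", []):
        names.add(ips["name"])
    return names

def pod_spec_of(obj):
    """Pods carry the spec directly; Deployments/StatefulSets/DaemonSets wrap it in a template."""
    return obj["spec"] if obj["kind"] == "Pod" else obj["spec"]["template"]["spec"]

def unused_secrets(secrets, workloads):
    """Names of Secrets no workload references; SA token secrets are skipped (owned by ServiceAccounts)."""
    referenced = set().union(*(secret_refs(pod_spec_of(w)) for w in workloads))
    return sorted(s["metadata"]["name"] for s in secrets
                  if s.get("type") != "kubernetes.io/service-account-token"
                  and s["metadata"]["name"] not in referenced)

# Constructed sample data, shaped like `kubectl get -o json` items (not real cluster output).
SECRETS = [
    {"metadata": {"name": "db-creds"}, "type": "Opaque"},
    {"metadata": {"name": "tls-cert"}, "type": "kubernetes.io/tls"},
    {"metadata": {"name": "registry-pull"}, "type": "kubernetes.io/dockerconfigjson"},
    {"metadata": {"name": "old-token"}, "type": "Opaque"},
    {"metadata": {"name": "default-token-abc12"}, "type": "kubernetes.io/service-account-token"},
]
WORKLOADS = [
    {"kind": "Deployment", "spec": {"template": {"spec": {
        "imagePullSecrets": [{"name": "registry-pull"}],
        "containers": [{"name": "api", "envFrom": [{"secretRef": {"name": "db-creds"}}]}]}}}},
    {"kind": "Pod", "spec": {
        "containers": [{"name": "web"}],
        "volumes": [{"name": "tls", "projected": {"sources": [{"secret": {"name": "tls-cert"}}]}}]}},
]

if __name__ == "__main__":
    print(unused_secrets(SECRETS, WORKLOADS))  # ['old-token']
```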
SECURITY CONSIDERATIONS
Ensure the account running the command has the necessary permissions to list and get secrets and pods across all namespaces.