k8sec
Scan Kubernetes resources for security risks
TLDR
List all secrets
List a specific secret as a base64-encoded string
Set a secret's value
Set a base64-encoded value
Unset a secret
Load secrets from a file
Dump secrets to a file
SYNOPSIS
k8sec command [options] [arguments]
Common commands include:
k8sec get type [name] [options]
k8sec create type name [options]
k8sec edit type name [options]
k8sec delete type name [options]
PARAMETERS
-n, --namespace
Specify the Kubernetes namespace for the operation.
--from-literal=
Specify data directly from the command line. Can be used multiple times to add multiple key-value pairs.
--from-file=
Specify data from a file path. Can be used multiple times to add data from different files or under different keys.
--from-env-file=
Specify data from an environment file, where each line represents a KEY=VALUE pair.
-o, --output
Output format for displaying resources. Common options include yaml, json, and wide.
-v, --version
Display the version information of the k8sec tool.
-h, --help
Show the help message for k8sec or a specific subcommand.
DESCRIPTION
k8sec is a command-line interface (CLI) tool designed to simplify the management of Kubernetes Secrets and ConfigMaps. It provides a consistent and user-friendly experience for interacting with these Kubernetes resources, often wrapping complex kubectl commands and automating tasks like Base64 encoding/decoding.
The primary goal of k8sec is to enhance the developer and operator experience by streamlining common operations such as creating, viewing, editing, and deleting secrets and configmaps, especially those containing sensitive or binary data. It helps users avoid manipulating Base64-encoded values by hand, which reduces errors and improves workflow efficiency.
CAVEATS
k8sec relies on a properly configured kubectl environment to interact with Kubernetes clusters. It handles sensitive data, so users must ensure that appropriate access controls (RBAC) are in place for the user or service account executing the command. While convenient, k8sec may not support all advanced functionalities or edge cases offered by direct kubectl commands for secret or configmap management, focusing primarily on common and simplified workflows.
SECURITY CONSIDERATIONS
While k8sec simplifies secret management, users should always adhere to Kubernetes security best practices. This includes limiting access to secrets using Kubernetes RBAC, encrypting secrets at rest where possible, and considering external secret management systems (e.g., HashiCorp Vault, cloud-specific secret managers) for production environments to centralize and secure sensitive data more robustly. Direct manipulation of secrets on the command line should always be done in secure environments.
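The Base64 handling and the RBAC advice above, as an added Python example (not k8sec's own code): it builds a Secret manifest from KEY=VALUE lines and then decodes it again, showing that Base64 offers no confidentiality and that read access to the object is the only barrier. The function names, the sample values, and the skipping of blank and `#` lines are assumptions made for this illustration.

```python
import base64
import json

# Constructed sample env file (KEY=VALUE per line); not real credentials.
SAMPLE_ENV = """\
# database settings
DB_USER=app
DB_PASSWORD=s3cr3t=with=equals

API_TOKEN=abc123
"""

def parse_env_lines(text):
    """Parse KEY=VALUE lines, splitting on the first '=' only."""
    data = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: blanks/comments skipped
            continue
        key, sep, value = line.partition("=")
        if not sep or not key:
            raise ValueError(f"line {lineno}: expected KEY=VALUE")
        data[key] = value
    return data

def build_secret(name, namespace, data):
    """Return a v1 Secret manifest with Base64-encoded values under .data."""
    encoded = {k: base64.b64encode(v.encode()).decode("ascii") for k, v in data.items()}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": name, "namespace": namespace},
        "data": encoded,
    }

def decode_secret(manifest):
    """Recover plaintext from .data: Base64 is an encoding, not encryption."""
    return {k: base64.b64decode(v).decode() for k, v in manifest["data"].items()}

def trailing_newline_keys(manifest):
    """Flag values that decode with a trailing newline (hand-encoding mistake)."""
    return [k for k, v in manifest["data"].items() if base64.b64decode(v).endswith(b"\n")]

if __name__ == "__main__":
    secret = build_secret("app-creds", "dev", parse_env_lines(SAMPLE_ENV))
    print(json.dumps(secret, indent=2))
    print(decode_secret(secret))
```

`trailing_newline_keys` catches the most common error from encoding values by hand, where a newline is encoded along with the value and ends up inside the credential.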
INTEROPERABILITY
k8sec is designed to work seamlessly with any Kubernetes cluster where kubectl is configured and authenticated. Its focus on simplifying common operations makes it a valuable tool for local development, testing, and even scripting within CI/CD pipelines to automate the deployment and management of configuration and sensitive data within Kubernetes.
HISTORY
k8sec emerged as an open-source solution to address common pain points faced by developers and operators when managing Kubernetes Secrets and ConfigMaps. Historically, users often had to manually handle Base64 encoding/decoding for secret values, which was error-prone and cumbersome. Its development was driven by the need for a more intuitive and secure command-line interface for these sensitive Kubernetes resources, aiming to provide a convenient wrapper around kubectl that simplifies complex operations and enhances usability for everyday tasks.