Modify secret without worrying about base64 encode/decode

[tcaenen]

There's already a kubectl plugin that works quite well to do that : https://github.com/rajatjindal/kubectl-modify-secret
It would be an awesome feature to add to k9s.
Maybe using a new shortcut like ctrl-x ?

[derailed]

@tcaenen Unless I am mistaken, you don't a plugin for this as you can just use stringData since it's just an encoding. Might as well let k8s take care of base64ing your secrets.

[fernferret]

Why not use the excellent k9s plugin system!

I configured this by adding the following to my ~/.k9s/plugin.yml:

plugin:
  edit-secret:
    shortCut: Ctrl-X
    confirm: false
    description: "Edit Decoded Secret"
    scopes:
      - secrets
    command: kubectl
    background: false
    args:
      - modify-secret
      - --namespace
      - $NAMESPACE
      - --context
      - $CONTEXT
      - $NAME

Now I can edit secrets using this plugin with <Ctrl-X>

I had a brief look at the code for editing secrets and as suspected; @derailed is just calling kubectl edit ... so I don't like the idea of making users install a plugin to edit secrets, since it doesn't use the kubernetes api for a lot of these calls; it just calls kubectl.

[jontro]

For others trying out @fernferret's solution: You need to install krew and the kubectl-modify-secret plugin found here

[darluc]

It works! Thanks @fernferret & @jontro

[msolimans]

1. Install krew from here https://krew.sigs.k8s.io/docs/user-guide/setup/install/ (skip this step in case you have already it)

2. Install modify-secret plugin
   kubectl krew install modify-secret

3. Run the following command or add it to ~/.zshrc or ~/.bashrc
export XDG_CONFIG_HOME=~/

4. Add the following to ~/k9s/plugin.yml

plugin:
  edit-secret:
    shortCut: Ctrl-X
    confirm: false
    description: "Edit Decoded Secret"
    scopes:
      - secrets
    command: kubectl
    background: false
    args:
      - modify-secret
      - --namespace
      - $NAMESPACE
      - --context
      - $CONTEXT
      - $NAME

[guettli]

it would be great if k9s could do this without a plugin. At least for me above did not work.

Although k modify-secret foo works.

[benjimin]

Seconding this. It's very useful that k9s can view a secret in decoded form. The existing functionality to edit a secret in k9s is inconvenient (because you're editing the base64 encoding rather than the plaintext). I don't see any reason why a third-party kubectl plugin should be necessitated?

This enhancement might also be a good first issue, in that it seems like a moderately straightforward and self-contained feature request (to combine the existing functionality of the "decode" and "edit" functions, for example by re-encoding the data before dispatching).

[pratclot]

1. Install krew from here https://krew.sigs.k8s.io/docs/user-guide/setup/install/ (skip this step in case you have already it)

   2. Install modify-secret plugin
      kubectl krew install modify-secret

   3. Run the following command or add it to ~/.zshrc or ~/.bashrc
export XDG_CONFIG_HOME=~/

   4. Add the following to ~/k9s/plugin.yml

plugin:
  edit-secret:
    shortCut: Ctrl-X
    confirm: false
    description: "Edit Decoded Secret"
    scopes:
      - secrets
    command: kubectl
    background: false
    args:
      - modify-secret
      - --namespace
      - $NAMESPACE
      - --context
      - $CONTEXT
      - $NAME

Step 2 is helpful, step 3 will ruin all your other apps, step 4 specifies incorrect filename and wrong content. Please see here how to properly organize the file.

[jamesharr]

Minor update; k9s seems to have changed the desired location/extension of the plugins file and the format ever so slightly.

# ~/.config/k9s/plugins.yaml
plugins:
  edit-secret:
    # Setup:
    #  brew install krew
    #  kubectl krew install modify-secret
    #  echo "export XDG_CONFIG_HOME=~/.config" >> ~/.zshrc   # this may or may not be required now
    # See also:
    #  https://github.com/derailed/k9s/issues/1017#issuecomment-1328330026
    shortCut: Ctrl-X
    confirm: false
    description: "Edit Decoded Secret"
    scopes:
      - secrets
    command: kubectl
    background: false
    args:
      - modify-secret
      - --namespace
      - $NAMESPACE
      - --context
      - $CONTEXT
      - $NAME

I still think this would be an amazing thing to have built-in to k9s. It's been extremely useful

[theomeuh]

I am also looking for a simple solution to edit secret without any plugin. This looks like a missed opportunity to make dev life simple

[steve96961]

This would be a really nice feature and the lack thereof is the only reason I still ocasionally use the kubernetes-dashboard.

[AceXintense]

+1 This would make the tool easier to use, will use the plugin for the meantime but I can see this being a thing that stops people switching from Lens etc.

[riftsin]

Hello,

Here's a plugin that doesn't require installing https://github.com/rajatjindal/kubectl-modify-secret, it does require you to have jq installed though.

Another thing to note is that unfortunately the KUBE_EDITOR environment variable is not available in plugins, so I used vim in that plugin, but you can just change the line vim $tempfile with whatever editor you wish to use.

plugins:
  edit-secret:
    shortCut: Ctrl-X
    confirm: false
    description: Edit Decoded Secret
    scopes:
      - secrets
    command: sh
    background: false
    args:
      - -c
      - >-
        tempfile=$(mktemp);
        secret=$(kubectl get secrets --context $CONTEXT --namespace $NAMESPACE $NAME -o json);
        printf '%s\n' $secret | jq '.data | map_values(@base64d)' > $tempfile;
        vim $tempfile;
        secret_data=$(cat $tempfile | jq -c '. | map_values(@base64)');
        rm $tempfile;
        printf '%s\n' $secret | jq -r --argjson secret_data "$secret_data" '.data = $secret_data' | kubectl apply -f -;

To install it, first check where your plugin file is supposed to live (it changes depending on your os)

k9s info
 ____  __.________
|    |/ _/   __   \______
|      < \____    /  ___/
|    |  \   /    /\___ \
|____|__ \ /____//____  >
        \/            \/

Version:           vX.Y.Z
Config:            /Users/fernand/.config/k9s/config.yaml
Logs:              /Users/fernand/.local/state/k9s/k9s.log
Dumps dir:         /Users/fernand/.local/state/k9s/screen-dumps
Benchmarks dir:    /Users/fernand/.local/state/k9s/benchmarks
Skins dir:         /Users/fernand/.local/share/k9s/skins
Contexts dir:      /Users/fernand/.local/share/k9s/clusters
Custom views file: /Users/fernand/.local/share/k9s/views.yaml
Plugins file:      /Users/fernand/.local/share/k9s/plugins.yaml
Hotkeys file:      /Users/fernand/.local/share/k9s/hotkeys.yaml
Alias file:        /Users/fernand/.local/share/k9s/aliases.yaml

Then copy this file to the path indicated by the line Plugins file.
If you already have plugins installed, you probably already know what to do.