DEV Community

Editing Kubernetes Secrets Inline

Austin Vance on July 12, 2020

We work a lot with Kubernetes and when you're working with Secrets it can be a total pain to edit them. A standard workflow can be something like. ...

Read full post

Amoury • Jul 12 '20

Great tip. Didn't know about this 👍🏼

Austin Vance • Jul 12 '20

Thanks! Helpful in the CKA(D) too

Amoury • Jul 12 '20

Yeah totally. I am just on my journey preparing for CKAD

Austin Vance • Jul 12 '20

Good luck we are studying for it as a team right now

NaveenKumar Namachivayam ⚡ • Jul 12 '20

I am also preparing for CKAD. Please add me in :)

Jonathan Apodaca • Jul 13 '20

Tip: I have a base64 Vim plugin installed that makes this even easier! Just kubectl edit... and then encode/decode from within Vim. No other commands needed.

Austin Vance • Jul 13 '20

The plugin does this under the hood if you checkout the auto load file.

Personally like to avoid plugins if it’s easy enough to learn so I can edit in any environment or on a server without feeling hamstrung

Peter Benjamin (they/them) • Aug 19 '20 • Edited

Nice tip.

For a bit more convenience (so you don't have to edit or move the text to a new line):

: ! echo <cWORD> | base64 | tr -d '\n' | pbcopy

:help <cword> and :help <cWORD> for more information

For even more convenience, this can be converted into a reusable function:

function! B64ify() abort
  silent ! clear
  silent ! echo <cWORD> | base64 | tr -d '\n' | pbcopy
  execute "normal! ciW\<ESC>\"*p"
  redraw!
endfunction

Now, you can call it with :call B64ify()

Lastly, you can map this function to a command and/or keybinding for maximum convenience:

command! B64ify :call B64ify()
nnoremap <silent> <Leader>B :B64ify<CR>

This can also be reversed very easily by copying the function and replacing base64 with base64 -d.

Here is a final demo:

The final config:

function! B64ify() abort
  silent ! clear
  silent ! echo <cWORD> | base64 | tr -d '\n' | pbcopy
  execute "normal! ciW\<ESC>\"*p"
  redraw!
endfunction
command! B64ify :call B64ify()
nnoremap <silent><Leader>B :B64ify<CR>

function! B64decodify() abort
  silent ! clear
  silent ! echo <cWORD> | base64 -d | tr -d '\n' | pbcopy
  execute "normal! ciW\<ESC>\"*p"
  redraw!
endfunction
command! B64decodify :call B64decodify()
nnoremap <silent><Leader>b :B64decodify<CR>

Austin Vance • Aug 24 '20

Nice tip - I love the <cWORD> approach to a lot of things. One limitation is <cWORD> uses vi's word selection. If my secret is a multiline certificate, the contents of a yaml file, or has special characters this won't work.

Peter Benjamin (they/them) • Aug 24 '20 • Edited

That's true.

If you want to visually select the text to pass to an external program, by default vim passes whole lines (e.g. :'<,'> ! base64) , but vis.vim plugin might help (e.g. :'<,'>B ! base64).