|
|
|
#!/usr/bin/env bash
|
|
|
|
# vim:ts=4:sts=4:sw=4:et
|
|
|
|
#
|
|
|
|
# Author: Hari Sekhon
|
|
|
|
# Date: 2020-09-08 12:52:38 +0100 (Tue, 08 Sep 2020)
|
|
|
|
#
|
|
|
|
# https://github.com/HariSekhon/bash-tools
|
|
|
|
#
|
|
|
|
# License: see accompanying Hari Sekhon LICENSE file
|
|
|
|
#
|
|
|
|
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
|
|
|
|
#
|
|
|
|
# https://www.linkedin.com/in/HariSekhon
|
|
|
|
#
|
|
|
|
|
|
|
|
set -euo pipefail
|
|
|
|
[ -n "${DEBUG:-}" ] && set -x
|
|
|
|
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
|
|
|
|
|
|
# shellcheck disable=SC1090
|
|
|
|
. "$srcdir/lib/utils.sh"
|
|
|
|
|
|
|
|
# shellcheck disable=SC2034,SC2154
|
|
|
|
usage_description="
|
|
|
|
Simply reads out and base64 decodes secret values to quickly debug them
|
|
|
|
|
|
|
|
Iterates each key within the Kubernetes secret and prints them line by line with their contained value
|
|
|
|
|
|
|
|
Output format:
|
|
|
|
|
|
|
|
<secret_key1> <decoded_value>
|
|
|
|
<secret_key2> <decoded_value>
|
|
|
|
|
|
|
|
Good counterpart to check on what has been auto-loaded from GCP Secret Manager
|
|
|
|
to Kubernetes secrets by gcp_secrets_to_kubernetes.sh
|
|
|
|
|
|
|
|
Requires kubectl in \$PATH and configured
|
|
|
|
"
|
|
|
|
|
|
|
|
# used by usage() in lib/utils.sh
|
|
|
|
# shellcheck disable=SC2034
|
|
|
|
usage_args="<secret_name>"
|
|
|
|
|
|
|
|
help_usage "$@"
|
|
|
|
|
|
|
|
min_args 1 "$@"
|
|
|
|
|
|
|
|
#kubectl get secret stackdriver-api-key -o 'jsonpath={.data.stackdriver-api-key}' | base64 -D
|
|
|
|
kubectl get secret "$@" -o json |
|
|
|
|
# @base64d works nicely on jq 1.6 but not available on 1.5
|
|
|
|
#jq -r '.data | to_entries[] | [.key, (.value | @base64d) ] | @tsv''
|
|
|
|
jq -r '.data | to_entries[] | [.key, .value] | @tsv' |
|
|
|
|
while read -r key value; do
|
|
|
|
# use --decode not -d / -D which varies between Linux and Mac
|
|
|
|
printf '%s\t%s\n' "$key" "$(base64 --decode <<< "$value")"
|
|
|
|
done
|