How to dump all kubernetes secrets to yaml files

Kevin Simper
Feb 1, 2018 · 1 min read

I had a task to move all our encrypted kubernetes secrets that we had stored encrypted on github to Keybase new encrypted git repositories. It would make it much easier to edit the secrets and still not have them stored unencrypted at another companies server.

The difficult part of this command is to dump the files to the same filename as the key has as name. xargs can run a command per item it gets piped, but you can’t append > to write the output to individual files as it is the output of the whole xargs command. Therefore you have to use sh to start a new shell and give the secret name as argument to that shell so that you can use it as $1 to get the correct escaping for the filename.

You can read more about Keybase awesome encrypted git repositories https://keybase.io/blog/encrypted-git-for-everyone

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store