Created
November 22, 2021 07:34
Find which secret in a Kubernetes cluster contains a given value
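# Depends on kubectl and jq (jq 1.6+ for @base64d and $ENV)
#######################################
# Report which Kubernetes Secret objects hold a given plaintext value.
# Fetches every Secret in all namespaces, base64-decodes each data entry
# and compares it with the value being searched for.
# Arguments:
#   $1 - plaintext value to look for
# Outputs:
#   Progress and matches on stdout, errors on stderr. Pauses on stdin
#   after each match.
# Returns:
#   1 if the secrets cannot be fetched, otherwise the status of the
#   last command run.
# Notes:
#   The caller needs permission to read Secrets cluster-wide, and the
#   decoded contents of every Secret pass through this shell. The value
#   is taken from $1, so it may end up in the caller's shell history.
#######################################
function find-secret-usage() {
  local secret_content=${1}
  # Declared separately so a failing command substitution is not masked
  # by the exit status of 'local'.
  local secrets_json secret name namespace data items_found

  echo "Fetching cluster secrets"
  if ! secrets_json=$(kubectl get secrets --all-namespaces -o json); then
    echo "Failed to fetch secrets with kubectl" >&2
    return 1
  fi

  # jq -c prints one compact JSON object per line, so no whitespace has to
  # be stripped and no word splitting or globbing touches the documents.
  # The loop reads from fd 3 so the prompt below still reads from stdin.
  while IFS= read -r secret <&3; do
    name=$(jq -r '.metadata.name' <<<"$secret")
    namespace=$(jq -r '.metadata.namespace' <<<"$secret")
    echo "Checking $name in $namespace namespace"
    data=$(jq 'select(.data)' <<<"$secret")
    if [[ -z "$data" ]]; then
      echo "Empty secret"
      continue
    fi
    # The searched value goes to jq through the environment rather than
    # through --arg, which keeps it out of jq's argument list.
    if ! items_found=$(SECRET_CONTENT="$secret_content" jq -r \
      '.data | to_entries | map(.value | @base64d | select(. == $ENV.SECRET_CONTENT)) | length' \
      <<<"$secret"); then
      echo "Could not inspect $name in $namespace namespace" >&2
      continue
    fi
    # A value stored under several keys of one secret counts more than once,
    # so any non-zero count is a match.
    if [[ "$items_found" =~ ^[0-9]+$ ]] && (( items_found > 0 )); then
      echo "Secret value found in $name secret in $namespace namespace"
      read -r -p "Press any key to continue search or crtl+c to exit"
    fi
  done 3< <(jq -c '.items[]' <<<"$secrets_json")
}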