/psst

Quickly read values from Kubernetes secrets

Primary LanguageGoApache License 2.0Apache-2.0

psst 🤫

Sometimes you need to take a little peek at your Kubernetes secrets...

short demo GIF of an interactive psst run


Usage

You can run psst without any arguments to interactively pick the secret and key whose value you want to see.

$ psst
✔  Choose secret: … my-secret
✔  Choose key: … my-key
my-value

Alternatively, you can run psst SECRET KEY to get the value directly.

It's also possible to only provide the SECRET and interactively choose the key.

If the secret only contains a single key, it'll be chosen automatically.

Run psst --help for all options. (For example, you can use the standard kubectl flags to specify namespace and/or context.)

Installation

If you've got Go installed:

go install 'github.com/milas/psst@latest'

You can also build & install in one command with Docker (you do not need to clone the repo):

DEST="${HOME}/.local/bin/" docker buildx bake \
  'https://github.com/milas/psst.git'

Be sure ~/.local/bin is in your PATH or pick a different directory.

Shell Completions

Bash

source <(psst --completion=bash)

To load completions for each session, execute once:

psst --completion=bash > /etc/bash_completion.d/psst

NOTE: For Homebrew installs of bash, use $(brew --prefix)/etc/bash_completion.d/psst

Zsh

source <(psst --completion=zsh); compdef _psst psst

To load completions for each session, execute once:

psst --completion=zsh > "${fpath[1]}/_psst"

fish

psst --completion=fish | source

To load completions for each session, execute once:

psst --completion=fish > ~/.config/fish/completions/psst.fish

PowerShell

psst --completion=powershell | Out-String | Invoke-Expression

Automatic Formatting

TLS Certificates

If the secret is for a TLS certificate, a summary will automatically be shown.

$ psst podinfo-tls

ping.readygo.run
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Subject         CN=ping.readygo.run
Issuer          CN=R3,O=Let's Encrypt,C=US
Not Before      09 Feb 2023 20:36:13 UTC ✔
Not After       10 May 2023 20:36:12 UTC ✔
Algorithm       RSA
Key Size        2048-bit
Subject Key ID  07:18:02:61:5B:33:8E:CC:73:0E:17:B9:CF:05:1D:2E:00:AA:D1:F3
System Trust    🔒 Let's Encrypt/R3 -> Internet Security Research Group/ISRG Root X1

Fingerprints
SHA-1         53:18:37:18:11:5A:3A:17:0F:CF:EE:20:FC:2E:F5:48:7C:75:84:B0
SHA-256       9B:CC:D2:B6:48:AF:51:9C:E3:C4:6C:B8:9D:89:14:A8:C6:32:02:8E:D2:0C:C2:0B:44:5E:01:95:FD:2A:AC:7C

SAN
DNS           ping.readygo.run

💡 Use --raw to process a certificate with OpenSSL

$ psst podinfo-tls tls.crt --raw | openssl x509 -noout -fingerprint -sha1
sha256 Fingerprint=9B:CC:D2:B6:48:AF:51:9C:E3:C4:6C:B8:9D:89:14:A8:C6:32:02:8E:D2:0C:C2:0B:44:5E:01:95:FD:2A:AC:7C

License

Licensed under the Apache License, Version 2.0