Kalesha Gagguturu:
Hi All
Do you have any idea about below error?
base64: invalid input
I am trying to run
echo "a3ViZW1hc3Rlcg" | base64 --decode
echo 'a3ViZW1hc3Rlcg' | base64 --decode
Gin Ichimaru:
Could you try this whether it makes a difference :
echo -n “a3ViZW1hc3Rlcg” | base64 --decode
Shwetha Shenoy V:
Is the input atring base64 encoded?
Shwetha Shenoy V:
You can test the utility by encoding a random string first and then decoding it.
Shwetha Shenoy V:
This works:
echo "a3ViZW1hc3Rlcg" | base64
YTNWaVpXMWhjM1JsY2cK
echo "YTNWaVpXMWhjM1JsY2cK" | base64 -d
a3ViZW1hc3Rlcg
Kalesha Gagguturu:
Hi Swetha
It’s actually copied from one of the secret file
Kalesha Gagguturu:
I am just trying to check secrets can be decoded using base64
Kalesha Gagguturu:
I just had some confusion with encoded data and secrets
Kalesha Gagguturu:
Mostly I need to go through configmaps and secrets one more time
Trung Tran:
If you got this error, the input is not base64 string!
Kalesha Gagguturu:
So if we created a secret with --from-file data, which converts into encoded form can not be able decoded with this base64 utility right
Kalesha Gagguturu:
Where as in configmaps we use the base64 encoded data manually and which can be decoded with base64 utility
Gin Ichimaru:
Then you create a secret, data is already base64 encoded whatever options chosen (–from-literal or --from-file etc) and to decode you just use command you type above.
It’s not the case for configmap. Indeed you have to encode manually for me.
But i remember getting some issues also depending on OS. Sometimes i have to add “-n” option with “echo” command.
Examples :
Kalesha Gagguturu:
Thanks @Gin Ichimaru
I was following same process. But right now i have gone through my complete configuration process and found for decode command what ever the data I provided is different I used linux machine and tried to copy with mouse click.
There end I have == which was not copied with mouse single and now I have appended them manually and decode working fine as expected
gkalesha@kubemaster[Sun Dec 11][04:00 PM]:~$echo -n "a3ViZW1hc3Rlcg" | base64 -d
kubemasterbase64: invalid input
gkalesha@kubemaster[Sun Dec 11][04:03 PM]:~$echo -n "a3ViZW1hc3Rlcg==" | base64 -d
kubemaster
Kalesha Gagguturu:
So even using normal secrets also can be decoded with base64 utlity which is not secured
Trung Tran:
Yes, kubernetes secrets is not really “secret”, it just base64 string and can be decoded easily. We can use some external options like the suggestion from k8s here:
https://kubernetes.io/docs/concepts/security/secrets-good-practices/
Trung Tran:
AWS Secret Manager, Azure Key Vaults, Google Cloud Secret Manager …
Kalesha Gagguturu:
Thank you Trung and Gin
I am clear now