Is there a way to read secret data using kubernetes library in python?

Question

I want to read the DAYA label value from the kubectl get secret -o wide command shown below.

I using this code:

from kubernetes import client, config
config.load_kube_config()
v1 = client.CoreV1Api()
secret = v1.read_namespaced_secret("mysql-pass", "default")
print(secret)

However, the value of the data label was not found...

{'api_version': None,
 'data': {'ca.crt': 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hOekV4TkRjMU5Gb1hEVE13TURneE5qRXhORGMxTkZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVBiClBMQ2t3cTZUQzV2RWVtSEswbGx6T3k0OFZsWjNtUXYzS1NnOHI5TW9ualhheDhZaXhHMGVkaVMvL1NBMTJUUWUKVWFWZEJIWE5Lc2wxNXhPcnRnTWkxbmdpcWdoazZ6eFNXUVZpa0dxWFFJSzlqeTJwamo5WGZFQ0I1Sk5QcDFaUQowS1ZSUWtZV2ZwMTV3dEsyVnVleFhNZDdTT2plb1R3OGhmOHdKeXJUaVliSC8vZVZrNzExbmJHRVBSckh6SlVQClBMckRkN0RNaVArRWtmR2syVlBFN3I3N0pmUGJNRU5za0dEMlZRelQrbjFpZkd3NlJDS3BZSFVYVUZoekVHek4KcDZ5YkEwUGJUNVRCZks0ZEVUZWlYOFQrVnBrNlpNbzJBYUs1TkNsN2NIZEJSVjZwWWcvNElOaFdCZzV1WjFHKwpZMTZ4RW5JMXBwVDFLVGRhRnJNQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCVU02TjNNS1haMldnNlJFR3MrQUlWbzAybHQxMFFPUldES2lEbFd5Y1VpWFpXWDlRTgpib0dxcEFvNzZXbUhOOUtWM3dMOFBtRkhHRTFGczVLMTlTdkVVVVFRb0d1ZHRQcWxGMEtaYlVwTFBKUEFFM3JzClRXSkdWSHNSS3hQUFYvZ3JBZlZoN0pFMU5jRWY2MWVwZENrVWE4cVh2KzV0bWNYOUtJM0s2Tzk4azVPZUVJdVIKSGNUS1FtL3VZOStNcm9xVE1SYVUxQUh5VmRpOFFidHAxT1ZBNHVsc09aOHZoRDIvYmNiUFp5NkkwaWJNcFhkSApCRXdITGVMNHJ4VDJlS0VhL2pMbVJBREF6djNodUZCWXNmdUthcmx1S2Y0M2xQeW40czhpQ2VNN29LVnRQK1diCngyMFplc28wa1JEYlhocHp4VDVBcElkdWRwSU9kbkZzSzdLMgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==',
          'namespace': 'ZGVmYXVsdA==',
          'token': 'ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNkluWlFWVU5aV21aM2FERkhRbGhJTW1KbFJUTjBZV1EzWlcxcFRUVkJibEJWVFdka1lXTmhXVkpKVGxraWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbVJsWm1GMWJIUXRkRzlyWlc0dGVuWnNPR3NpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pWkdWbVlYVnNkQ0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJbUptWkdVek5tSmlMV1UyTjJZdE5ESXdaQzFoWlRZekxXTXdaVGRtWkRobE56VXdaQ0lzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwa1pXWmhkV3gwT21SbFptRjFiSFFpZlEuU2taV05IcE1zTHk5enBpOEdpT0FvN29rSXE4U05oME41Yy15QkNKU0VESWs5M2lhNFZnNjRyZGNSTVdGTTFiWTBNZk91WnVvNnV2bEgxeXhRRmlOaDJXaEp6OEZfcXRCUDRmQnRMUE4xX3hBRzNGWllYLXA3eWJ2M19RQnU2R01aS3dMSi1vNEpqLVlveXdlQVBIRnRUVGpiYk9fNGpidmROTEhyUml0Q3RyOGJRMGFQWmxiU3JGSW1XNUxtbmVjLUFUYXluVm83NjdSRmdueWNQd2Z5RmxELTJlVzBmcndac0tCSXhyUFpiSUFfaEZXRXFFdGllaHhUUm12Q3dGSjByUGlDbG5iUkloekpZV29IWVg4NnVuR09CMGVPdmNMT29DSmM1VnVMX1pFeFpmQUN6OE5OVW9iaEVwUFZrOURPNmlINXc0cDNrS28xZHdwYkZSZDN3'},
 'kind': None,
 'metadata': {'annotations': {'kubernetes.io/service-account.name': 'default',
                              'kubernetes.io/service-account.uid': 'bfde36bb-e67f-420d-ae63-c0e7fd8e750d'},
              'cluster_name': None,
              'creation_timestamp': datetime.datetime(2020, 8, 18, 11, 48, 19, tzinfo=tzutc()),
              'deletion_grace_period_seconds': None,
              'deletion_timestamp': None,
              'finalizers': None,
              'generate_name': None,
              'generation': None,
              'initializers': None,
              'labels': None,
              'managed_fields': [{'api_version': 'v1',
                                  'fields': None,
                                  'manager': 'kube-controller-manager',
                                  'operation': 'Update',
                                  'time': datetime.datetime(2020, 8, 18, 11, 48, 19, tzinfo=tzutc())}],
              'name': 'default-token-zvl8k',
              'namespace': 'default',
              'owner_references': None,
              'resource_version': '319',
              'self_link': '/api/v1/namespaces/default/secrets/default-token-zvl8k',
              'uid': 'd11e5725-7ce5-4a9d-b6fb-4bb76c8fb9eb'},
 'string_data': None,
 'type': 'kubernetes.io/service-account-token'}

Maybe I'm misunderstanding the question but your `data` labels is right there in the dictionary? With base64 encoded values as you'd expect... — Dandy, Sep 09 '20 at 08:00

score 3 · Accepted Answer · answered Sep 09 '20 at 15:29

As pointed by user Dandy, there are 2 possible interpretations to this question:

Getting the data field from the secret - comment (I thought this first)
Getting the DATA (counter) from the kubectl get secret -o yaml - answer

Not really sure why did you post a code sample referencing the secret mysql-pass and included the output of the default-token-zvl8k

I've created an example to show you both options:

secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: example-secret
type: Opaque
data:
  username: a3J1awo= # kruk 
  password: c3VwZXJoYXJkcGFzc3dvcmQ= # superhardpassword

Python3 code:

from kubernetes import client, config
import base64

config.load_kube_config()
v1 = client.CoreV1Api()
secret = v1.read_namespaced_secret("example-secret", "default") # get the secret 

data = secret.data # extract .data from the secret 
name = secret.metadata.name
password = secret.data['password'] # extract .data.password from the secret

decoded = base64.b64decode(password) # decode (base64) value from pasw

print ("Secret: " + name)
print("-------------")
print("Here you have the data: ")
print(data)
print("COUNTED DATA: " + str(len(data))) # <- ANSWER FOR THE DATA COUNTER
print("-------------")
print("Here you have the decoded password: ")
print(decoded)

With above code you can:

extract needed information from secret named example-secret.
count the slices from the data field (as in $ kubectl get secret -o yaml) - pointed by user Dandy

The output of above Python3 script:

Secret: example-secret
-------------
Here you have the data: 
{'password': 'c3VwZXJoYXJkcGFzc3dvcmQ=', 'username': 'a3J1awo='}
COUNTED DATA: 2
-------------
Here you have the decoded password: 
b'superhardpassword'

As for b'' you can look here:

Stackoverflow.com: Questions: How do I get rid of the b prefix in a string in python

score 1 · Answer 2 · answered Sep 09 '20 at 08:10

1

There is no "data" / count label. That is a count of the amount of slices found in the data array.

So all you'll need to do is count the items in that dict in your response and you'll have the same number.

answered Sep 09 '20 at 08:10

Dandy

1,466
16
31

Is there a way to read secret data using kubernetes library in python?

2 Answers2