This document provides step-by-step instructions to extract and decode the contents of certificates and private keys from a Kubernetes secret.
The Kubernetes secret hippo-tls in the namespace postgres-operator contains the following data:
- ca.crt: Certificate Authority's certificate
- tls.crt: Server's certificate
- tls.key: Server's private key
Run the following command to view the raw Base64-encoded data:
kubectl get secret hippo-tls -n postgres-operator -o jsonpath='{.data}'
Output example:
{"ca.crt":"<Base64_String>","tls.crt":"<Base64_String>","tls.key":"<Base64_String>"}
Use the following commands to decode each part of the secret:
kubectl get secret hippo-tls -n postgres-operator -o jsonpath='{.data.ca\.crt}' | base64 -d > ca.crt
kubectl get secret hippo-tls -n postgres-operator -o jsonpath='{.data.tls\.crt}' | base64 -d > tls.crt
kubectl get secret hippo-tls -n postgres-operator -o jsonpath='{.data.tls\.key}' | base64 -d > tls.key
After decoding, you can view the contents of the files using the following commands:
cat ca.crt
cat tls.crt
cat tls.key
Output example:
-----BEGIN CERTIFICATE-----
[Base64 encoded certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Base64 encoded certificate]
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
[Base64 encoded private key]
-----END PRIVATE KEY-----
You can use the openssl tool to verify the decoded files:
openssl x509 -in tls.crt -text -noout
openssl rsa -in tls.key -check
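A hardened variant of the decode and verify steps, as an added example that is not part of the original page: a plain `> tls.key` redirect creates the private key with the shell's default umask and silently accepts empty output, so this version writes through a 0600 temporary file, rejects non-PEM input, and checks that tls.crt matches tls.key and chains to ca.crt. The function names are hypothetical, and it assumes ca.crt is the issuer of tls.crt.

```shell
#!/bin/sh
# Added example (not from the original page): decode with safe file modes, then verify.

# save_pem DEST MODE: read Base64 on stdin, decode it, and install the result
# at DEST with MODE only if it is PEM. An empty or mistyped jsonpath field
# fails here rather than leaving an empty file behind.
save_pem() {
    dest=$1
    mode=$2
    # mktemp creates the file with mode 0600, so the key is never world-readable.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if base64 -d > "$tmp" 2>/dev/null && grep -q '^-----BEGIN ' "$tmp"; then
        chmod "$mode" "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "save_pem: input for $dest is not Base64-encoded PEM" >&2
        return 1
    fi
}

# key_matches_cert CERT KEY: succeed only if CERT contains the public key of KEY.
# "openssl pkey" handles RSA and EC keys alike.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# verify_bundle DIR: assumes ca.crt in DIR is the issuer of tls.crt.
verify_bundle() {
    openssl verify -CAfile "$1/ca.crt" "$1/tls.crt" >/dev/null &&
        key_matches_cert "$1/tls.crt" "$1/tls.key"
}

# pull_secret DIR: the page's three kubectl commands, routed through save_pem.
pull_secret() {
    for f in ca.crt tls.crt tls.key; do
        case $f in *.key) m=600 ;; *) m=644 ;; esac
        kubectl get secret hippo-tls -n postgres-operator \
            -o "jsonpath={.data.$(printf '%s' "$f" | sed 's/\./\\./g')}" |
            save_pem "$1/$f" "$m" || return 1
    done
}
```

Run `pull_secret . && verify_bundle .` in an empty working directory; a non-zero exit means a field was missing, was not PEM, or the key and certificate do not belong together.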
The decoded files (ca.crt, tls.crt, and tls.key) can now be used for:
- Configuring TLS for pgBouncer or PostgreSQL.
- Testing and debugging certificate and key configurations.
By following these steps, you can successfully decode and retrieve the contents of your certificates and private key from the Kubernetes secret.