AES Encryption Explained: How It Works and Why It Matters
Jun 23, 2026
Parse and decode Kubernetes Secret manifests. Decode all base64-encoded data fields at once.
| Key | Encoded Value | Decoded Value |
|---|
A Kubernetes Secret is an object that stores sensitive data such as passwords, OAuth tokens, SSH keys, and TLS certificates. Secrets are defined in YAML or JSON manifests and store their data as base64-encoded strings in the data field.
Secrets can be mounted as files or exposed as environment variables in pods. Common types include Opaque (generic), kubernetes.io/dockerconfigjson (Docker registry), kubernetes.io/tls (TLS certificates), and kubernetes.io/basic-auth (Basic authentication).
No. Base64 is encoding, not encryption. Anyone with access to the Secret manifest can decode the values instantly. Kubernetes mitigates this with encryption at rest (etcd encryption) and RBAC (access control). Always use additional security measures for truly sensitive data.
data contains base64-encoded values and is used when reading Secrets. stringData allows you to specify plaintext values when creating Secrets — Kubernetes automatically encodes them to base64 when storing. This tool decodes both fields but only shows the difference in the source.
This tool supports all Secret types including Opaque, kubernetes.io/tls, kubernetes.io/dockerconfigjson, kubernetes.io/basic-auth, and kubernetes.io/ssh-auth. It decodes all entries in the data field regardless of the secret type.
This tool is focused on decoding existing Secrets. If you need to create new Secrets by encoding plaintext values, use a separate base64 encoder or the Base64 Encoder / Decoder tool.
Yes. All decoding happens entirely in your browser using JavaScript. No data is sent to any server. Your Secret contents never leave your device.
Blog
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026