Using kubectl get to View Configurations in Kubernetes (ConfigMaps & Secrets )

In Kubernetes, the kubectl get command is used to retrieve any resource within the cluster.

Configurations are typically stored in two types of objects that pods can reference to read and mount. These two types of objects are:

1.ConfigMaps – for non-sensitive application settings

2 Secrets – for storing credentials and sensitive values

In this guide, you’ll learn how to view Kubernetes configurations effectively using the appropriate kubectl commands, along with expert tips and practical examples.

1.How to View ConfigMaps (Non-Sensitive Config Data)
List All ConfigMaps
kubectl get configmaps

This will show all ConfigMaps in the current namespace. If you want to view ConfigMaps across all namespaces:

kubectl get configmaps --all-namespaces
View a Specific ConfigMap
kubectl get configmap <name> -o yaml

This will output 

apiVersion: v1
data:
  app.properties: |
    key1=value1
    key2=value2
kind: ConfigMap
metadata:
  name: example-config
  namespace: default

Or get a more human-readable description:

kubectl describe configmap <name>

This will output:

Name:         example-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
app.properties:
----
key1=value1
key2=value2

Events:  <none>

ConfigMaps are commonly used to inject environment variables or configuration files into pods without rebuilding container images.

2. How to View Secrets (Sensitive Configuration)
List All Secrets
kubectl get secrets

For all namespaces:

kubectl get secrets --all-namespaces

This will be a example of output:

NAMESPACE     NAME                           TYPE                                  DATA   AGE
default       default-token-abcde            kubernetes.io/service-account-token   3      10d
kube-system   coredns-token-fghij            kubernetes.io/service-account-token   3      10d
default       my-secret                      Opaque                                2      5d
dev           db-credentials                 Opaque                                2

Secrets store sensitive data such as passwords, tokens, and keys. Kubernetes base64-encodes secret values, so you’ll need to decode them manually. As you can see there are different types of secrets:

1. Opaque (default)

Usage: Generic key-value pairs.

Example use: Storing app credentials, API keys, etc.

How to create:

kubectl create secret generic my-secret --from-literal=username=admin --from-literal=password=secret123
2. kubernetes.io/service-account-token

Usage: Automatically created by Kubernetes to store tokens for service accounts.

Contains:

  • token: Bearer token for authentication
  • ca.crt: Certificate authority
  • namespace: The namespace of the service account

Auto-mounted into pods by default.

3. kubernetes.io/dockercfg (deprecated)

Usage: Used for authenticating to Docker registries (older format).

Replaced by: kubernetes.io/dockerconfigjson

4. kubernetes.io/dockerconfigjson

Usage: Stores Docker registry credentials in a JSON format.

Used for: Pulling private container images.

Here is how to create one:

kubectl create secret docker-registry regcred \
--docker-username=<username> \
--docker-password=<password> \
 --docker-email=<email> \
--docker-server=<registry>

5. kubernetes.io/basic-auth

Usage: Stores username and password fields for basic HTTP authentication.

Example:

kind: Secret
type: kubernetes.io/basic-auth
data:
  username: YWRtaW4=   # base64 of 'admin'
  password: c2VjcmV0   # base64 of 'secret'
6.kubernetes.io/ssh-auth

Usage: Stores SSH private keys.

Field: ssh-privatekey

Example:

kind: Secret
type: kubernetes.io/ssh-auth
data:
  ssh-privatekey: <base64-encoded-private-key>
8. kubernetes.io/tls

Usage: Stores a TLS certificate and private key.

Fields: tls.crt, tls.key

How to create:

kubectl create secret tls tls-secret \
  --cert=path/to/tls.crt \
  --key=path/to/tls.key

View a Secret
kubectl describe secret <name>

To decode a specific key:

kubectl get secret <name> -o jsonpath="{.data.<key>}" | base64 --decode

⚠️ Important: Always be careful when printing secrets — especially in production environments or shared terminals.

Summary

  • Use kubectl get configmaps for non-sensitive app settings.
  • Use kubectl get secrets to view and manage sensitive values (carefully).
  • Use kubectl config view to inspect your local kubeconfig file and API server access.
  • Combine these commands with describe, -o yaml, and jsonpath for full visibility.

Mastering these techniques will help you manage Kubernetes configurations more confidently and securely.