How do I decode a Kubernetes Secret value to YAML?

Copy the Base64 string from the Secret's data field, paste it here and click Decode. The tool decodes the bytes back to text and validates the result as YAML, so you can read the original config or credential. Everything happens locally — secret values never leave your browser.

How do I decode every value in a Secret at once?

Each entry under data is encoded separately, so decode them one at a time here, or on a cluster run kubectl get secret -o jsonpath. This tool is the quick, offline way to inspect a single value without exposing it to a server.

Why does my decoded YAML show a warning?

The tool flags when the decoded text does not parse as valid YAML — useful for telling apart a value that was genuinely YAML from one that was a plain string, a certificate, or binary data that merely lived in a Secret. The raw decoded text is still shown.

Is decoding a Secret value safe to do here?

Yes from a privacy standpoint — decoding runs entirely in your browser with no upload or logging. Operationally, remember that Base64 is not encryption: the value was never secret to anyone who could read the manifest.

Does it restore indentation and Unicode?

Yes. Base64 is byte-exact, so indentation, block scalars and non-ASCII characters are restored exactly; the result is then re-serialized as clean YAML.

Base64 to YAML - Decode Base64 to YAML Online Free

Base64 to YAML — read Kubernetes Secret values

The everyday use for decoding Base64 to YAML is inspecting a Kubernetes Secret: its data: values are Base64, so to read a config or credential you decode it back. This tool decodes UTF-8-safely and validates the result as YAML, entirely in your browser — so the value never touches a server.

Quick reference

# on a cluster
kubectl get secret app -o jsonpath='{.data.config}' | base64 -d
# here: paste the data value and click Decode

The tool flags when the decoded text is not valid YAML, which helps you tell a real YAML value apart from a certificate, token or binary blob that simply lived in the Secret.

⚠️ Encoded ≠ encrypted

Anyone who can read the manifest can decode these values — Base64 is not a security boundary. Reverse this with YAML to Base64.

Related tools

YAML to Base64 — encode the other way
Base64 to JSON · Base64 to XML
YAML Validator · YAML to JSON

Free Base64 to YAML decoder — read Kubernetes Secret values offline

Base64 to YAML — read Kubernetes Secret values

Quick reference

⚠️ Encoded ≠ encrypted

Related tools