2

I need to get a public key from cert-manager from bash. How do I do it properly?

I can see the private key in Kubernetes secrets; how do I get the public key that can be safely shared?

Karel Bílek
  • 121
  • 5

1 Answer

0

There are three ways; all should return the same output. If they do not, something is wrong.

All of this assumes a Unix-y shell with jq, base64 and openssl installed. The secret is in cert-certname; the website (assuming this protects a website) is at https://example.com

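1.

    # Public key taken from the certificate stored in the secret
    kubectl get secret cert-certname -o json | jq -r '.data."tls.crt"' | base64 -d > tls.crt
    openssl x509 -inform pem -in tls.crt -pubkey -noout

2.

    # Public key derived from the private key stored in the secret
    kubectl get secret cert-certname -o json | jq -r '.data."tls.key"' | base64 -d > tls.key
    openssl rsa -in tls.key -pubout

3.

    # Public key from the certificate the live server presents; </dev/null lets s_client exit after the handshake
    openssl s_client -connect example.com:443 </dev/null | openssl x509 -pubkey -noout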

Note that 1) and 2) create files containing secrets on your disk; you should delete them afterwards. And never ever put them into git or similar version control.

Karel Bílek
  • 121
  • 5
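Added example, not part of the original answer: the "all three should return the same output" check done by comparing SHA-256 fingerprints of the DER-encoded public key, with the secret's values piped rather than written to tls.crt and tls.key. The function names are hypothetical, the sample key and certificate are constructed throwaway material, and `openssl pkey` is used in place of `openssl rsa` so that non-RSA keys work too.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; the cluster's key is only
# ever piped, never written to disk.

# stdin: PEM public key -> SHA-256 of its DER encoding; fails on empty input.
pub_fp() (
  pem=$(cat); [ -n "$pem" ] || exit 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
)
# stdin: PEM certificate (or s_client output containing one).
pub_fp_from_cert() { openssl x509 -pubkey -noout 2>/dev/null | pub_fp; }
# stdin: PEM private key of any type (pkey, unlike rsa, also handles EC).
pub_fp_from_key() { openssl pkey -pubout 2>/dev/null | pub_fp; }

# $1, $2: base64 values of tls.crt and tls.key exactly as stored in .data.
# Succeeds only when both decode and carry the same public key.
secret_pair_matches() (
  crt_fp=$(printf '%s' "$1" | base64 -d 2>/dev/null | pub_fp_from_cert)
  key_fp=$(printf '%s' "$2" | base64 -d 2>/dev/null | pub_fp_from_key)
  [ -n "$crt_fp" ] && [ "$crt_fp" = "$key_fp" ]
)

# Constructed sample: throwaway RSA key and self-signed certificate, printed
# as "<base64 crt> <base64 key>". The temp dir holds only this test material.
make_sample() (
  d=$(mktemp -d) || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/k" -out "$d/c" \
    -subj /CN=example.com -days 1 2>/dev/null
  printf '%s %s\n' "$(base64 <"$d/c" | tr -d '\n')" "$(base64 <"$d/k" | tr -d '\n')"
  rm -rf "$d"
)

# Against the cluster and site named in the answer:
#   j=$(kubectl get secret cert-certname -o json)
#   secret_pair_matches "$(printf '%s' "$j" | jq -r '.data."tls.crt"')" \
#                       "$(printf '%s' "$j" | jq -r '.data."tls.key"')"
#   openssl s_client -connect example.com:443 </dev/null 2>/dev/null | pub_fp_from_cert

# Demo on the constructed sample.
s=$(make_sample)
if secret_pair_matches "${s% *}" "${s#* }"; then echo "same public key"; fi
```

The fingerprint printed by `pub_fp_from_cert` is derived only from public data, so it can be shared or logged when comparing against the live site.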