The following command will give you the secret chronological history:
kubectl get secret <name> --namespace <namespace> --show-managed-fields -o jsonpath='{range .metadata.managedFields[*]}{.manager}{" did "}{.operation}{" at "}{.time}{"\n"}{end}'
Example, create a secret:
kubectl create secret generic test --from-literal user=$(echo 'somebody' | base64)
Run the above command:
kubectl-create did Update at 2021-12-06T01:12:17Z
Retrieve the created secret
kubectl get secret test -o yaml > test.yaml
. Replace the value for "user" in the yaml with echo 'nobody' | base64
output and re-apply kubectl apply -f test.yaml
.
Run the above command and it reports the last update action and timestamp:
kubectl-create did Update at 2021-12-06T01:12:17Z
kubectl-client-side-apply did Update at 2021-12-06T01:13:33Z
Now do a replace kubectl patch secret test --type='json' -p='[{"op" : "replace" ,"path" : "/data/user" ,"value" : "aGVsbG93b3JsZAo="}]'
Run the above command again:
kubectl-create did Update at 2021-12-06T01:12:17Z
kubectl-client-side-apply did Update at 2021-12-06T01:13:33Z
kubectl-patch did Update at 2021-12-06T01:21:57Z
The command correctly reports all the changes made to the secret.
kubectl-client-side-apply did Update at 2021-12-05T20:38:19Z
– Dominic