DevOps 2026-03-07

Encode Secrets in Base64 for Config Files

Encode API keys, connection strings, and credentials in Base64 for Kubernetes secrets, Docker configs, and environment files.

B64 Uses: Base64 Encoder — Free

The Problem

Kubernetes secrets require Base64-encoded values. Your CI/CD pipeline needs to pass credentials in environment variables. You need to encode a connection string without installing tools locally.

Why This Matters

Base64 encoding is required by multiple infrastructure tools: Kubernetes secrets, Docker config.json, HTTP Basic Auth headers, and JSON Web Tokens all use Base64. Understanding how to encode/decode quickly is an essential DevOps skill. Note: Base64 is encoding, not encryption — it doesn't provide security on its own.

Step-by-Step Instructions

1

Paste your secret value

Type or paste the plaintext value: API key, connection string, password, or any text. Do this in a private browser session if the value is sensitive.

2

Choose Encode

Click Encode to get the Base64-encoded string. Copy the output to use in your Kubernetes YAML, Docker config, or CI/CD environment variable.

3

Verify by decoding

Paste the encoded string back and click Decode to verify the round-trip. This confirms the value will be correctly decoded by your infrastructure.

4

Use in Kubernetes secret

In your secret.yaml: data:\n api-key: <base64-encoded-value>. Kubernetes automatically decodes Base64 when mounting secrets as environment variables.

Try It Now — Base64 Encoder

Open full page →
Base64 Encoder — Live Demo

All processing happens in your browser — no data is sent to any server.

Before & After Example

Plaintext API key (cannot go in Kubernetes YAML directly) 
sk-proj-abc123xyz789-my-openai-api-key-here
Base64 encoded (safe for Kubernetes secret data field) 
# In secret.yaml:
apiVersion: v1
kind: Secret
metadata:
  name: openai-credentials
type: Opaque
data:
  api-key: c2stcHJvai1hYmMxMjN4eXo3ODktbXktb3BlbmFpLWFwaS1rZXktaGVyZQ==

Frequently Asked Questions

Is Base64 encoding the same as encryption?

No. Base64 is reversible encoding — anyone can decode it. It's used for safe data transport, not security. For secrets, use proper secret management (Vault, AWS Secrets Manager, GitHub Actions secrets).

Why does Kubernetes use Base64 for secrets?

Kubernetes secrets store arbitrary binary data, and YAML has limited binary support. Base64 encodes binary data as ASCII text safe for YAML. It's transport encoding, not security.

What's the difference between Base64 and Base64url?

Standard Base64 uses + and / characters. Base64url replaces them with - and _ for URL safety. JWT tokens use Base64url.

Related Workflows

🔓

Debug JWT Tokens in 30 Seconds

Authentication
🖼

Embed Images Inline with Base64 Encoding

Performance
{ }

Format Messy JSON from API Responses

Developer Workflow

Want the full Base64 Encoder experience?

Open the standalone tool for more space, keyboard shortcuts, and additional features.

Open Base64 Encoder →
← All Developer Guides

Related Workflow Guides

🔓 Debug JWT Tokens in 30 Seconds 🖼 Embed Images Inline with Base64 Encoding { } Format Messy JSON from API Responses