jarvisbox

ConfigMap Diff with Base64 Decode

Kubernetes ConfigMap and Secret resources store their data values as base64-encoded strings. When reviewing a change to a Secret — a rotated database password, an updated TLS certificate, a new API key — the base64 encoding makes it impossible to understand what actually changed without decoding each value manually.

This tool automatically decodes base64 values in ConfigMap and Secret .data fields before running the semantic diff. Instead of seeing that cG9zdGdyZXM6Ly9sb2NhbGhvc3Q= changed to cG9zdGdyZXM6Ly9wcm9kLXBn, you see that the DATABASE_URL changed from postgres://localhost to postgres://prod-pg. The decoded values appear in the diff output and are never sent to a server.

The tool also handles Sealed Secrets and other encrypted secret management patterns where the YAML structure follows the ConfigMap/Secret schema. Paste the decrypted YAML (for review purposes) and see the decoded diff immediately.

Open YAML Semantic Diff →

How to use

  1. Paste your original YAML (Helm values, K8s manifests, or any multi-document stream) into the Before box.
  2. Paste the updated version into the After box. Enable Key docs by kind+name for Kubernetes streams.
  3. Click Compare to see the semantic diff, then use Copy as kubectl patch to export a merge patch.

Related tools

Reportar un problema con esta herramienta