KSECRETS

Published: March 20, 2026

Description

We have a Kubernetes cluster set up and the flag is in the secrets. You think you can get it?

Launch the challenge instance and SSH in.

A kubeconfig or service account token will be available in the environment.

Solution

  1. Check the Kubernetes context
    Verify that kubectl is configured and which cluster/namespace you have access to.
    kubectl config current-context
    kubectl get namespaces
    kubectl auth can-i --list
  2. List Kubernetes secrets
    List all secrets in the current namespace (or all namespaces if you have cluster-wide access).
    kubectl get secrets
    kubectl get secrets --all-namespaces
  3. Retrieve the flag secret
    Describe or get the flag secret and decode the base64-encoded value.
    kubectl get secret flag-secret -o yaml
    kubectl get secret flag-secret -o jsonpath='{.data.flag}' | base64 -d
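
Step 1's kubectl auth can-i --list shows what the current identity may do; from the cluster owner's side, the matching check is which roles grant read access to secrets at all. The following is an added example, not part of the original writeup: it scans role definitions shaped like the output of kubectl get roles,clusterroles -A -o json and reports every rule that allows get, list or watch on secrets. The role names, namespaces and the secret_read_grants helper are constructed for illustration.

```python
import json

READ_VERBS = {"get", "list", "watch", "*"}

# Constructed sample shaped like `kubectl get roles,clusterroles -A -o json`
# output; every name and namespace below is made up for illustration.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Role", "metadata": {"name": "ctf-player", "namespace": "default"},
   "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
  {"kind": "Role", "metadata": {"name": "pod-viewer", "namespace": "default"},
   "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
  {"kind": "ClusterRole", "metadata": {"name": "ops-wildcard"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
  {"kind": "Role", "metadata": {"name": "tls-reader", "namespace": "web"},
   "rules": [{"apiGroups": [""], "resources": ["secrets"],
              "resourceNames": ["web-tls"], "verbs": ["get"]}]},
  {"kind": "ClusterRole", "metadata": {"name": "metrics"},
   "rules": [{"nonResourceURLs": ["/metrics"], "verbs": ["get"]}]}
]}
""")


def secret_read_grants(role_list):
    """Return (kind, namespace, name, verbs, scope) for each rule that lets a
    subject read Secret objects in the core API group."""
    findings = []
    for role in role_list.get("items", []):
        meta = role.get("metadata", {})
        for rule in role.get("rules") or []:  # aggregated roles may have null rules
            groups = set(rule.get("apiGroups", []))
            resources = set(rule.get("resources", []))
            verbs = READ_VERBS & set(rule.get("verbs", []))
            # Secrets live in the core group (""); "*" matches every group/resource.
            if not (groups & {"", "*"} and resources & {"secrets", "*"} and verbs):
                continue
            # resourceNames narrows the grant to the named secrets only.
            names = rule.get("resourceNames")
            scope = "named:" + ",".join(names) if names else "all"
            findings.append((role["kind"], meta.get("namespace", "<cluster>"),
                             meta["name"], sorted(verbs), scope))
    return findings


if __name__ == "__main__":
    for finding in secret_read_grants(SAMPLE):
        print(finding)
```

Rules reported with scope "all" are the ones that make the three steps above work for whoever is bound to that role; wildcard rules are easy to miss because they never mention secrets by name.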

Flag

picoCTF{k8s_s3cr3ts_...}

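Kubernetes secrets are stored base64-encoded; kubectl get secret with -o jsonpath extracts the encoded value, and base64 -d decodes it. Base64 is an encoding, not encryption, so any identity allowed to get secrets can read their contents.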