Why base64-encode environment variables?
Several platforms require environment variable values to be base64-encoded:
- Kubernetes Secrets — all values in a
Secretmanifest must be base64-encoded. kubectl decodes them on pod injection. - GitHub Actions secrets — when a secret contains newlines (e.g., a PEM certificate), base64 collapses it to a single line.
- Docker / Docker Compose — values with
$,#, or=can cause parsing issues. base64 eliminates all special characters.
Decoding at runtime
Node.js: Buffer.from(process.env.MY_VAR, 'base64').toString('utf8')
Python: import base64; base64.b64decode(os.environ['MY_VAR']).decode()
Shell: echo "$MY_VAR" | base64 --decode