jq Favorites

Kubernetes Patterns

Decode ALL Secret Data

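# Decode every key of one Kubernetes Secret in a single pass.
# Output is cleartext: it lands in terminal scrollback and in any session or CI
# log, so run this only where that is acceptable.
# `.data // {}` keeps jq from erroring on a Secret that has no data field.
# @base64d assumes the decoded bytes are UTF-8 text; binary values (keystores,
# DER blobs) do not round-trip and are better decoded with `base64 -d` to a file.
kubectl -n wazuh get secret indexer-cred -o json | \
  jq -r '(.data // {}) | to_entries[] | "\(.key): \(.value | @base64d)"'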

Bulk Secret Decode

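# Decode several secrets in one pass.
# kubectl's output is captured first so that a failed lookup is actually
# detected: in a plain `kubectl ... | jq ... || echo` pipeline (without
# `set -o pipefail`) the exit status is jq's, and jq exits 0 on empty input,
# so "(not found)" would never print for a missing secret.
# stderr is discarded, so any kubectl failure (missing secret, RBAC denial,
# unreachable API server) is reported as "(not found)".
for secret in dashboard-cred indexer-cred wazuh-api-cred wazuh-authd-pass; do
  echo "=== $secret ==="
  if secret_json=$(kubectl -n wazuh get secret "$secret" -o json 2>/dev/null); then
    printf '%s\n' "$secret_json" | \
      jq -r '(.data // {}) | to_entries[] | "\(.key): \(.value | @base64d)"'
  else
    echo "(not found)"
  fi
done
# Do not leave the last secret's JSON sitting in a shell variable.
unset secret_json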

Resource Utilization

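# List each pod's current CPU/memory usage next to its memory limit.
# No percentage is computed here; usage and limit are printed side by side.
# Only the first container's limit is read, so multi-container pods are
# under-reported.
kubectl top pods -A --no-headers | \
  while read -r ns pod cpu mem; do
    # Look up the memory limit in the pod spec
    limits=$(kubectl get pod "$pod" -n "$ns" -o json 2>/dev/null | \
      jq -r '.spec.containers[0].resources.limits.memory // "N/A"')
    # A pod that vanished between `top` and `get` yields empty output; keep the
    # column count stable so `column -t` stays aligned.
    echo "$ns $pod $cpu $mem ${limits:-N/A}"
  done | column -t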

Vault PKI Patterns

Extract Certificate Components

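# Extract Vault PKI certificate components.
# The issue response carries the private key, so nothing is written to fixed,
# predictable names in world-writable /tmp: files go into a fresh mktemp
# directory (mode 0700) under umask 077. The subshell keeps umask and `set -eu`
# from leaking into the calling shell.
(
  set -eu
  umask 077
  CERT_DIR=$(mktemp -d)
  CERT_JSON="$CERT_DIR/cert.json"

  vault write -format=json pki_int/issue/domus-client \
    common_name="grafana.inside.domusdigitalis.dev" \
    ttl="8760h" > "$CERT_JSON"

  jq -r '.data.certificate' "$CERT_JSON" > "$CERT_DIR/grafana.crt"
  jq -r '.data.private_key' "$CERT_JSON" > "$CERT_DIR/grafana.key"
  # Append chain; tolerate a response that carries no ca_chain
  jq -r '(.data.ca_chain // [])[]' "$CERT_JSON" >> "$CERT_DIR/grafana.crt"

  # The JSON response is a second copy of the private key; drop it once split.
  rm -f -- "$CERT_JSON"
  printf 'Certificate and key written to %s\n' "$CERT_DIR"
)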

ISE / netapi Patterns

Policy Set Analysis

# Summarize ISE network-access policy sets: one tab-separated line per set
# with its name, state, rule count and number of top-level condition children.
# A missing .rules or .condition.children is counted as zero.
netapi ise api-call openapi GET '/api/v1/policy/network-access/policy-set' |
  jq -r '
    .response[]
    | ((.rules // []) | length) as $rule_count
    | ((.condition.children // []) | length) as $cond_count
    | "\(.name)\t\(.state)\t\($rule_count) rules\t\($cond_count) conditions"'

dACL Comparison

# Show how one dACL's content differs between two ISE nodes.
# A non-empty diff means the nodes would hand out different ACL text for the
# same authorization result.
dacl_on_node() {
  netapi ise ers get-dacl-by-name Linux-AD-Auth-dACL --node "$1" |
    jq -r '.DownloadableAcl.dacl'
}
diff <(dacl_on_node ise-01) <(dacl_on_node ise-02)

Endpoint to Env Variables

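# Convert an ISE endpoint record into shell variable assignments.
# The values come from the API, so they are emitted through @sh (single-quoted,
# embedded quotes escaped) and key names are reduced to [A-Z0-9_]. Without
# that, a value containing spaces, `;` or `$( )` would be interpreted by the
# shell if this output is ever passed to `eval` or `source`.
# Non-string values (numbers, booleans, nested objects) are serialized as JSON.
netapi ise ers endpoint-by-mac 14:F6:D8:7B:31:80 | jq -r '
  .ERSEndPoint | to_entries[] |
  (.key | ascii_upcase | gsub("[^A-Z0-9_]"; "_")) as $name |
  (.value | if type == "string" then . else tojson end | @sh) as $quoted |
  "ISE_\($name)=\($quoted)"'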

Wazuh Patterns

Agent Status

# Tabulate Wazuh agents: id, name, IP, status, OS name and agent version.
# Requires a `column` that supports named table columns (util-linux).
netapi wazuh agents --format json |
  jq --raw-output '
    .data.affected_items[]
    | [.id, .name, .ip, .status, .os.name, .version]
    | @tsv' |
  column --table --separator $'\t' --table-columns "ID,NAME,IP,STATUS,OS,VERSION"

pfSense Patterns

Firewall Rule Analysis

# Tabulate enabled pfSense firewall rules: interface, protocol, source,
# destination and description.
# NOTE(review): the filter keeps only rules whose .enabled is exactly true; a
# rule object without that field is silently dropped, so an empty table may
# mean "field absent" rather than "no rules" - confirm against the API schema.
netapi pfsense api-call GET /api/v2/firewall/rule |
  jq --raw-output '
    .data[]
    | select(.enabled == true)
    | [.interface, .protocol, .source, .destination, .descr]
    | @tsv' |
  column --table --separator $'\t' --table-columns "IF,PROTO,SRC,DST,DESC"

Core Patterns

Filter Arrays

# Keep only the items whose .status is exactly "Running" (reads JSON on stdin)
jq '.items | map(select(.status == "Running")) | .[]'

# Keep only the items whose .metadata.name matches the regex "grafana"
# (test() is a regex match, so it hits anywhere in the name)
jq '.items | map(select(.metadata.name | test("grafana"))) | .[]'

Diff JSON Objects

# Compare two JSON documents structurally.
# Sorting object keys first removes key-order noise from the diff; array
# element order is left as-is and still shows up as a difference.
diff <(jq --sort-keys '.' before.json) <(jq --sort-keys '.' after.json)

Find Nested Keys

# Print the value of every "password" key, at any nesting depth.
# The output is the cleartext values themselves, so keep it out of shared
# terminals, logs and tickets. To audit where such keys live without printing
# them, list the paths instead:
#   jq -c 'paths | select(.[-1] == "password")' config.json
jq '.. | select(type == "object" and has("password")) | .password' config.json