🔢 Security

Base64 Encoder / Decoder

Encode plain text to Base64 or decode Base64 back to text. Toggle Kubernetes Secret mode to generate a ready-to-apply Secret YAML manifest.

📖 How to Use

▼

Paste text into the input area

Choose Encode or Decode mode

Enable K8s Secret mode for Kubernetes YAML output

📝 Examples

Encode

Hello, World!

SGVsbG8sIFdvcmxkIQ==

📝 Input

Encode Decode

K8s Secret

✅ Encoded Output

What is Base64 Encoding?

Base64 is a binary-to-text encoding scheme that converts binary data into a string of printable ASCII characters. It encodes every 3 bytes of input into 4 characters drawn from a 64-character alphabet: uppercase and lowercase letters (A–Z, a–z), digits (0–9), plus sign (+), and forward slash (/), with the equals sign (=) used as padding. The result is a string safe to transmit through any system designed to handle text only — including HTTP headers, JSON payloads, HTML data attributes, and email.

Base64 was originally designed for MIME email attachments but has become essential throughout cloud and DevOps infrastructure. Any time binary data — a TLS certificate, a cryptographic key, an image, a compiled binary — needs to travel through a text-only channel, Base64 is the standard encoding used. It increases data size by approximately 33% but is computationally trivial to encode and decode in any language.

When to Use This Tool

Kubernetes Secrets: Secret manifest data fields require Base64-encoded values — use the built-in K8s Secret mode to generate a complete, ready-to-apply YAML manifest from your plaintext value.
HTTP Basic Authentication: The Authorization: Basic <token> header carries a Base64-encoded string of username:password — encode credentials here before pasting into API testing tools or curl commands.
JWT inspection: JWT tokens are three dot-separated Base64url segments; decode the header or payload section here to inspect claims, expiry times, and algorithm fields.
API credentials and config: Many cloud services and internal APIs return credentials, certificates, or configuration blobs as Base64-encoded strings that need decoding before use in application config files.
Debugging encoding errors: When a service is sending or receiving garbled Base64 data, encode your expected value and compare it character-for-character against the actual received string to locate the mismatch.

How It Works

The tool uses the browser's built-in btoa() (binary to ASCII) and atob() (ASCII to binary) functions, wrapped with encodeURIComponent and decodeURIComponent to handle Unicode input correctly. Without these wrappers, multi-byte characters such as accented letters, emoji, and CJK characters would throw an error; the wrappers first percent-encode the input before handing it to btoa(), ensuring full Unicode support. All processing happens entirely in your browser — no data is ever transmitted to a server.

Frequently Asked Questions

What is Base64 encoding?

Base64 is a method of representing binary data as a string of printable ASCII characters. It converts every 3 bytes into 4 characters, using an alphabet of 64 printable characters. It is not encryption — anyone who has the Base64 string can decode it immediately with zero effort. It is purely an encoding scheme designed to make binary data safe to embed in text-only protocols and fields, such as HTTP headers, JSON bodies, XML attributes, and CSS data: URIs.

What is the difference between Base64 encode and decode?

Encoding converts plaintext or binary input into a Base64 string — for example, the text "Hello" becomes "SGVsbG8=". Decoding reverses the process: a Base64 string is converted back to the original plaintext or binary content. Use encode when you need to store or transmit data in a Base64 field (such as a Kubernetes Secret), and decode when you receive a Base64 string and need to read what it actually contains.

Does this tool handle Kubernetes Secrets?

Yes. Enable K8s Secret mode to generate a complete Kubernetes Secret YAML manifest with your Base64-encoded data, including configurable name, namespace, and key fields. The generated YAML is ready to apply with kubectl apply -f. Kubernetes requires all values in the data map to be Base64-encoded — this is by design so that arbitrary binary values (like TLS certificates or binary config blobs) can be stored alongside text values in the same manifest without escaping issues.