Credential access
Reads kubeconfig, exec credentials, cluster tokens, and namespace context.
brew / protected-tool coverage
Kubernetes command-line interface. Version 1.36.2 via Homebrew; verified 2026-06-12.
agent safety
kubernetes-cli provides kubectl, which controls Kubernetes clusters and workloads.
Reads kubeconfig, exec credentials, cluster tokens, and namespace context.
Can create, patch, delete, scale, and exec into cluster workloads.
Can apply manifests that deploy or expose application artifacts.
Gate kubectl apply, delete, patch, exec, port-forward, and context changes.
Allow get/describe with safe contexts; require approval for cluster writes and secret reads.
install
brew install kubernetes-clilocal Homebrew formula metadata
sudo port install kubectlMacPorts ports tree · sysutils/kubectl/Portfile · source: api.github.com
sudo apk add kubectlAlpine Linux edge package indexes · kubectl · source: dl-cdn.alpinelinux.org
sudo apt install kubectlDebian stable package indexes · kubectl · source: deb.debian.org
nix profile install nixpkgs#kubectlnixpkgs package indexes · pkgs/by-name/ku/kubectl/package.nix · source: api.github.com
sudo pacman -S kubectlArch Linux sync databases · kubectl · source: geo.mirror.pkgbuild.com
choco install kubernetes-cliChocolatey community package catalog · kubernetes-cli · source: community.chocolatey.org
winget install --id Kubernetes.kubectl -eWindows Package Manager source index · Kubernetes.kubectl · source: cdn.winget.microsoft.com
scoop install main/kubectlScoop official bucket manifest trees · bucket/kubectl.json · source: api.github.com
overview
Kubernetes command-line interface
history
kubectl is the Kubernetes command-line client and the binary packaged by Homebrew as kubernetes-cli. It is the standard local interface for sending requests to the Kubernetes control plane, reading and writing objects, inspecting resources, and driving day-to-day cluster operations.
Kubernetes began as an open source Google project in 2014 and reached version 1.0 on July 21, 2015, alongside Google's announcement that the project would be donated to the newly formed Cloud Native Computing Foundation. kubectl evolved with the project as the human-facing client for the Kubernetes API.
As Kubernetes became the common substrate for cloud-native infrastructure, kubectl became one of the most widely installed operations binaries in developer and platform-engineering toolchains. Its packaging across Homebrew, Linux distributions, Chocolatey, Scoop, winget, Nix, MacPorts, and other systems reflects that it is both a developer tool and an infrastructure administration tool.
kubectl reads kubeconfig data to select a cluster, user, namespace, and context, then communicates with the API server. Kubernetes documentation says kubectl looks for config in $HOME/.kube/config by default, while KUBECONFIG and --kubeconfig allow explicit or merged configuration files.
The kubernetes-cli package is significant because it decouples the local client from a full Kubernetes installation. Package managers let users pin or upgrade the client, match cluster version-skew policy, and keep scripts using a predictable kubectl binary without installing control-plane components.
protected-tool coverage
`kubectl` reads kubeconfig files that commonly contain bearer tokens or embedded client private keys. Our isotope stores supported user credentials in the macOS keychain, rewrites kubeconfig user entries to Kubernetes exec credential plugins, and exposes credentials through `av credential-helper kubernetes` only while `kubectl` runs.
orange risk · high confidence · infrastructure
Local README excerpt
kubectl reads kubeconfig files that commonly contain bearer tokens, passwords, client key paths, or embedded client key data.
This protected-tool coverage migrates the default kubeconfig into the Automic Vault keychain and rewrites supported user entries to Kubernetes exec credential plugins that call av credential-helper kubernetes. The wrapper provides a short-lived approval token while kubectl is running.
~/.kube/config file only.KUBECONFIG setups must be migrated manually.migrated to the exec helper.
be migrated manually.
migratable secrets.
Source: local coverage notes
Local secret-handling manifest
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.kube/configCredential-bearing paths to review before unattended agent runs.
~/.kube/configexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
kubectl | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/kubernetes/kubernetes
install metadata
| Package key | brew:kubernetes-cli |
|---|---|
| Version | 1.36.2 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/kubernetes-cli |
| Homepage | https://kubernetes.io/docs/reference/kubectl/ |
| Repository | https://github.com/kubernetes/kubernetes |
| Upstream docs | https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig |
| License | Apache-2.0 |
| Source archive | https://github.com/kubernetes/kubernetes.git |
| Last updated | 2026-06-12T13:38:45Z |
| Pulse | updated |
| Build dependencies | bash, coreutils, go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | kubernetes-cli |
| Aliases |
|
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
kubernetes-cli
choco install kubernetes-cliKubernetes.kubectl
winget install --id Kubernetes.kubectl -ekubectl
sudo port install kubectlkubectl 1.32.3+ds-2
Command-line tool for controlling Kubernetes clusters
sudo apt install kubectlkubectl
nix profile install nixpkgs#kubectlkubectl 1.36.1-r0
Kubernetes - kubectl
sudo apk add kubectlkubectl 1.36.1-1
A command line tool for communicating with a Kubernetes API server
sudo pacman -S kubectlmain/kubectl
scoop install main/kubectlsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.