What Is Base64?

Base64 is an encoding scheme, not encryption. It converts binary data into a text-safe format by representing 8-bit bytes as 6-bit groups, mapped to 64 printable ASCII characters.

The key point: anyone with a Base64 string can decode it instantly without a key. It's used for transport safety (text-only protocols), not secrecy. If you need secrecy, use encryption (AES, RSA) before Base64.

Base64 vs Base64url

Base64 uses + and /, which have special meanings in URLs and MIME.

Base64url (RFC 4648) replaces them with - and _ for safe URL embedding. JWT tokens use Base64url for the header and payload sections.

Real-World Use Cases

πŸ” JWT Token Decoding

Inspect claims (user ID, roles, expiry) without pasting into jwt.io or third-party sites.

Read guide β†’

βš™οΈ Kubernetes Secrets

Encode raw values for Secret data: fields. Decode existing secrets to debug.

Read guide β†’

πŸ”‘ HTTP Basic Auth

Combine username and password: user:pass β†’ Base64 β†’ Authorization header.

Read guide β†’

πŸ–ΌοΈ Data URIs

Embed images directly in HTML/CSS: <img src="data:image/png;base64,...">

Learn more β†’

Why Never Use Online Tools (Even "Secure" Ones)

Use a local tool instead. TextForge runs entirely in your browserβ€”your data never leaves your machine.

Quick Reference: Common Operations

Encode a string

Input: hello
Output: aGVsbG8=

Decode a JWT header

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
β†’
{"alg":"HS256","typ":"JWT"}

Encode for Kubernetes Secret

Input: my-secret-password
Output: bXktc2VjcmV0LXBhc3N3b3Jk

In Secret YAML:
data:
  password: bXktc2VjcmV0LXBhc3N3b3Jk

Encode for Basic Auth

Input: admin:mypassword
Output: YWRtaW46bXlwYXNzd29yZA==

In HTTP header:
Authorization: Basic YWRtaW46bXlwYXNzd29yZA==

Privacy-First Encoding

TextForge is a free Chrome extension that encodes and decodes Base64 locally in your browser:

Remember: Base64 is encoding, not encryption. Always assume a Base64 string can be decoded by anyone. If you're encoding sensitive data (passwords, API keys, tokens), encrypt it first, then Base64-encode the ciphertext for transport.