diff --git a/src/lib/validate-processor.ts b/src/lib/validate-processor.ts
index a38c7fa5b..f7c11e94d 100644
--- a/src/lib/validate-processor.ts
+++ b/src/lib/validate-processor.ts
@@ -6,6 +6,8 @@ import { shouldSkipRequest } from "./filter";
 import { Request, ValidateResponse } from "./k8s/types";
 import Log from "./logger";
 import { PeprValidateRequest } from "./validate-request";
+import { convertFromBase64Map } from "./utils";
+import { Secret } from "./k8s/upstream";
 
 export async function validateProcessor(
   capabilities: Capability[],
@@ -18,6 +20,12 @@ export async function validateProcessor(
     allowed: true, // Assume it's allowed until a validation check fails
   };
 
+  // If the resource is a secret, decode the data
+  const isSecret = req.kind.version == "v1" && req.kind.kind == "Secret";
+  if (isSecret) {
+    convertFromBase64Map(wrapped.Raw as unknown as Secret);
+  }
+
   Log.info(reqMetadata, `Processing validation request`);
 
   for (const { name, bindings } of capabilities) {