This repository has been archived by the owner on Oct 14, 2019. It is now read-only.

Kustomize generator plugin that generates Secrets from sops-encrypted files


Meiqia/kustomize-sopssecretgenerator

 
 


kustomize-sopssecretgenerator


A generator plugin for kustomize that generates Secrets from files encrypted with sops.

Installation

Download the SopsSecretGenerator binary for your platform from the GitHub releases page and move it to $XDG_CONFIG_HOME/kustomize/plugin/kustomize.meiqia.com/v1beta1/sopssecretgenerator. (By default, $XDG_CONFIG_HOME points to $HOME/.config on Linux and OS X and %LOCALAPPDATA% on Windows.)

For example, to install version 1.2.0 on Linux:

VERSION=1.2.0 PLATFORM=linux ARCH=amd64
curl -Lo SopsSecretGenerator https://github.com/Meiqia/kustomize-sopssecretgenerator/releases/download/v${VERSION}/SopsSecretGenerator_${VERSION}_${PLATFORM}_${ARCH}
chmod +x SopsSecretGenerator
mkdir -p "${XDG_CONFIG_HOME:-$HOME/.config}/kustomize/plugin/kustomize.meiqia.com/v1beta1/sopssecretgenerator"
mv SopsSecretGenerator "${XDG_CONFIG_HOME:-$HOME/.config}/kustomize/plugin/kustomize.meiqia.com/v1beta1/sopssecretgenerator"

Usage

Create some encrypted values using sops:

echo FOO=secret >secret-vars.env
sops -e -i secret-vars.env

echo secret >secret-file.txt
sops -e -i secret-file.txt

Add a generator to your kustomization:

cat <<. >kustomization.yaml
generators:
  - generator.yaml
.

cat <<. >generator.yaml
apiVersion: kustomize.meiqia.com/v1beta1
kind: SopsSecretGenerator
metadata:
  name: my-secret
envs:
  - secret-vars.env
files:
  - secret-file.txt
.

Run kustomize build with the --enable_alpha_plugins flag:

kustomize build --enable_alpha_plugins

The output is a Kubernetes Secret containing the decrypted data (base64-encoded, not encrypted):

apiVersion: v1
data:
  FOO: c2VjcmV0
  secret-file.txt: c2VjcmV0Cg==
kind: Secret
metadata:
  name: my-secret-g8m5mh84c2

An example showing all options:

apiVersion: kustomize.meiqia.com/v1beta1
kind: SopsSecretGenerator
metadata:
  name: my-secret
  labels:
    app: my-app
  annotations:
    create-by: me
behavior: create
disableNameSuffixHash: true
envs:
  - secret-vars.env
  - secret-vars.yaml
  - secret-vars.json
files:
  - secret-file1.txt
  - secret-file2.txt=secret-file2.sops.txt
type: Oblique
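
Because the generator reads whatever files are listed under envs and files, a file that was never passed through sops -e -i can end up committed in plaintext. The following check is an added example, not part of the plugin; the function names are hypothetical and the marker test is a heuristic (sops -d remains the authoritative check):

```shell
# Added example: list generator inputs that do not look sops-encrypted.
# Heuristic (assumption): an encrypted file holds an ENC[AES256_GCM,...] value plus
# sops metadata ("sops" key in YAML/JSON output, sops_ prefix in dotenv output).

# Print the paths listed under envs: and files: ("key=path" entries yield path).
list_sources() {
  awk '
    /^(envs|files):/   { in_list = 1; next }
    /^[^ #-]/          { in_list = 0 }
    in_list && /^ *- / { sub(/^ *- */, ""); sub(/^[^=]*=/, ""); print }
  ' "$1"
}

is_sops_encrypted() {
  [ -f "$1" ] && grep -q 'ENC\[AES256_GCM,' "$1" &&
    grep -Eq '(^|")sops(_|"?:)' "$1"
}

# Print every listed source that is missing or does not look encrypted.
unencrypted_sources() {
  dir=$(dirname "$1")
  list_sources "$1" | while IFS= read -r src; do
    is_sops_encrypted "$dir/$src" || printf '%s\n' "$src"
  done
}

# Constructed sample: one encrypted-looking dotenv file, one plaintext file.
make_sample() {
  d=$(mktemp -d)
  printf 'FOO=ENC[AES256_GCM,data:CONSTRUCTED,type:str]\nsops_version=CONSTRUCTED\n' \
    >"$d/secret-vars.env"
  echo secret >"$d/secret-file2.sops.txt"
  cat >"$d/generator.yaml" <<EOF
apiVersion: kustomize.meiqia.com/v1beta1
kind: SopsSecretGenerator
envs:
  - secret-vars.env
files:
  - secret-file2.txt=secret-file2.sops.txt
type: Oblique
EOF
  echo "$d"
}

# Usage: sh check-sops.sh path/to/generator.yaml  (exit 1 if anything is listed)
if [ "$#" -gt 0 ]; then
  out=$(unencrypted_sources "$1"); [ -z "$out" ] || { echo "$out"; exit 1; }
fi
```

Run it against generator.yaml before committing or before kustomize build; any path it prints should be encrypted with sops -e -i first.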

Development

You will need Go 1.12 or higher to develop and build the plugin.

Test

Run all tests:

make test

In order to create encrypted test data, you need to import the secret key from testdata/keyring.gpg into your GPG keyring once:

gpg --import testdata/keyring.gpg

You can then use sops to create encrypted files:

sops -e -i newfile.txt

Build

Create a binary for your system:

make

The resulting executable will be named SopsSecretGenerator.
