3 stable releases
Uses old Rust 2015
1.1.0 | Dec 20, 2017 |
---|---|
1.0.1 | Dec 12, 2017 |
1.0.0 | Dec 11, 2017 |
#2105 in Development tools
7KB
77 lines
Kubernetes Secret Maker
Problem:
- You want to put secrets inside your kubernetes cluster
- You want to do it in a clean repeatable way
- You don't want to leave those secrets lying around in files
Solution:
- Temporarily put the secrets in the environment
- Generate a secrets file on stdout
- Pipe it into
kubectl apply -f -
Usage
You can use this tool through Rust's Cargo:
$ cargo install kubesm
$ NAME=test SK_MY_SECRET="my secret" kubesm | kubectl apply -f -
or with Docker:
$ docker run --rm -e NAME=test -e SK_MY_SECRET="my secret" apolitical/kubesm | kubectl apply -f -
For added safety, you can tell your shell not to remember commands that started with a space.
$ HISTCONTROL=ignorespace
$ NAME=test SK_MY_SECRET="my secret" kubesm | kubectl apply -f -
^ extra space
How it works
Provide a NAME
for the resource that will be created, each secret should be prefixed with SK_
, but this will be
removed when output. You can optionally provide NAMESPACE
, but it isn't required. Here's what just the output would
look like:
$ NAME=test NAMESPACE=test-namespace SK_MY_SECRET="my secret" kubesm
---
apiVersion: v1
kind: Secret
metadata:
name: test
namespace: "test-namespace"
type: Opaque
data:
MY_SECRET: bXkgc2VjcmV0
Limitations
Most of the above is statically stored in the binary. There's currently no flexability in the apiVersion
or type
Contributing
If you want to help, that's brilliant! Have a look at our Contributing Guide. We also adhere to a Code of Conduct, so please check that out, it includes details on who to contact if you have any concerns.
Dependencies
~1.2–1.8MB
~41K SLoC