Skip to content
/ kustomize-sops-rs Public

Kustomize (exec) plugin to generate secrets/config map from encrypted .env files and simple decrypter

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jaysonsantos/kustomize-sops-rs

BranchesTags

Repository files navigation

kustomize-sops-rs

Kustomize (exec) plugin to generate secrets/config map from encrypted .env files and simple decrypter

Requirements

It basically needs sops binary in your path to work and to run the tests, gpg is also required.

Installing

Just run the following script and it should place the binary on /usr/local/bin and it creates the kustomize structure to host the plugin.

curl -sL https://github.com/jaysonsantos/kustomize-sops-rs/raw/main/install.sh | bash -s

The output should be like this:

./install.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  8139    0  8139    0     0  25675      0 --:--:-- --:--:-- --:--:-- 26003
Downloading binary https://github.com/jaysonsantos/kustomize-sops-rs/releases/download/v0.1.0/kustomize-sops-x86_64-unknown-linux-musl.gz
Done
Install kustomize-sops-x86_64-unknown-linux-musl to /usr/local/bin/kustomize-sops
Linking plugins
Linking kustomize-sops-rs to /home/jayson/.config/kustomize/plugin/kustomize-sops-rs/v1/configmapgenerator/ConfigMapGenerator
Linking kustomize-sops-rs to /home/jayson/.config/kustomize/plugin/kustomize-sops-rs/v1/secretgenerator/SecretGenerator
Linking kustomize-sops-rs to /home/jayson/.config/kustomize/plugin/kustomize-sops-rs/v1/simpledecrypt/SimpleDecrypt

Usage

This is a generator so your kustomize file should have something along these lines.

generators:
  - secrets.yaml

and the secrets file

apiVersion: kustomize-sops-rs/v1
kind: SecretGenerator
metadata:
  name: secrets
files:
  - encrypted.yaml
---
apiVersion: kustomize-sops-rs/v1
kind: ConfigMapGenerator
metadata:
  name: config-map
files:
  - encrypted.yaml
---
apiVersion: kustomize-sops-rs/v1
kind: SimpleDecrypt
metadata:
  name: simple-decrypt
files:
  - ingress.enc.yaml

The kinds SecretGenerator and ConfigMapGenerator should generate Secret and ConfigMap the same way kustomize does (with the shiny hashes) but it reads an yaml file with one level of mapping for now. To test it, create an encrypted file with sops using the following command (assuming you imported the private key from tests folder)

printf "key: value\npassword: protected\n" | \
sops -p EBC846D0169D43A96ABA1C31AD471BDF8E8A0484 \
     -e --input-type yaml --output-type yaml \
     /dev/stdin > encrypted.yaml

After this you could just run kustomize build --enable_alpha_plugins folder and it should generate your final yaml. The kind SimpleDecrypt will just decrypt the file and pass it along, so it has to be a valid kubernetes object as you will probably apply it.

About

Kustomize (exec) plugin to generate secrets/config map from encrypted .env files and simple decrypter

Topics

kubernetes rust kustomize kustomize-plugin

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases 3

Release v0.1.2 Latest
May 9, 2022
+ 2 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages