machinezone / configmapsecrets

Licence: BSD-3-Clause License
A Kubernetes controller to manage configs with a mix of secret and non-secret data

Programming Languages

go
31211 projects - #10 most used programming language
shell
77523 projects

Projects that are alternatives of or similar to configmapsecrets

Helm Secrets
Successor of zendesk/helm-secrets - A helm plugin that helps manage secrets with Git workflow and store them anywhere
Stars: ✭ 165 (+650%)
Mutual labels:  secrets, kubernetes-secrets
Helm Secrets
DEPRECATED A helm plugin that helps manage secrets with Git workflow and store them anywhere
Stars: ✭ 1,129 (+5031.82%)
Mutual labels:  secrets, kubernetes-secrets
Vault Secrets Operator
Create Kubernetes secrets from Vault for a secure GitOps based workflow.
Stars: ✭ 298 (+1254.55%)
Mutual labels:  secrets, kubernetes-secrets
vault-sidecar-injector
Kubernetes admission webhook for secure, seamless and dynamic handling of secrets in your applications
Stars: ✭ 55 (+150%)
Mutual labels:  secrets, kubernetes-secrets
cli
The official CLI for interacting with your Doppler secrets and configuration.
Stars: ✭ 96 (+336.36%)
Mutual labels:  secrets
bitw
Minimalist BitWarden client
Stars: ✭ 110 (+400%)
Mutual labels:  secrets
securestore-rs
A simple, encrypted, git-friendly, file-backed secrets manager for rust
Stars: ✭ 26 (+18.18%)
Mutual labels:  secrets
go-microepoch
A complete DevOps cycle for Building and Deploying a Go Application to Kubernetes cluster.
Stars: ✭ 34 (+54.55%)
Mutual labels:  kubernetes-secrets
webextension
Detect secrets in your request/response using secretlint.
Stars: ✭ 40 (+81.82%)
Mutual labels:  secrets
kubesecret
Kubesecret is a command-line tool that prints secrets and configmaps data of a kubernetes cluster.
Stars: ✭ 19 (-13.64%)
Mutual labels:  kubernetes-secrets
tesoro
Kapitan Admission Controller Webhook
Stars: ✭ 32 (+45.45%)
Mutual labels:  kubernetes-secrets
secode
Utility for encoding/decoding Kubernetes secrets (base64)
Stars: ✭ 23 (+4.55%)
Mutual labels:  kubernetes-secrets
kubectl-gopass
Plugin for kubectl to support reading and writing secrets directly from/to gopass
Stars: ✭ 28 (+27.27%)
Mutual labels:  secrets
homeage
runtime decrypted age secrets for nix home manager
Stars: ✭ 43 (+95.45%)
Mutual labels:  secrets
secrets.clj
A library designed to generate cryptographically strong random numbers.
Stars: ✭ 64 (+190.91%)
Mutual labels:  secrets
kubecrypt
Helper for dealing with secrets in kubernetes.
Stars: ✭ 23 (+4.55%)
Mutual labels:  secrets
detect-secrets
A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets
Stars: ✭ 43 (+95.45%)
Mutual labels:  secrets
k8s-vault-webhook
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
Stars: ✭ 107 (+386.36%)
Mutual labels:  secrets
evildork
Evildork targeting your fiancee👁️
Stars: ✭ 46 (+109.09%)
Mutual labels:  secrets
SecretsManagerwithCloudFormation
Implements a Lambda-backed CloudFormation Custom Resource for AWS Secrets Manager
Stars: ✭ 20 (-9.09%)
Mutual labels:  secrets

ConfigMapSecrets

Problem

I have a config that contains a mixture of secret and non-secret data. For some reason I can't use environment variables to reference the secret data. I want to check my config into source control, keep my secret data secure, and keep my non-secret data easily readable and editable.

Solution

Use a ConfigMapSecret which is safe to store in source control. It's like a ConfigMap that includes your non-secret data, but it can reference Secret variables, similar to how container args can reference env variables. The controller will expand and render it into a Secret in the same namespace, keeping it updated to reflect changes to the ConfigMapSecret or its referenced variables.

Use SealedSecrets to keep your referenced Secret data secure.
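
The `$(NAME)` expansion described above, as an added Go example that is not the controller's own code. It assumes the Kubernetes container-args convention (`$$` escapes a literal `$`, unresolved references are left in place); the function name `expand` and the sample values are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// expand substitutes $(NAME) with vars[NAME] in one left-to-right pass, using
// the Kubernetes container-args convention: "$$" yields a literal "$".
// Substituted values are never rescanned, so a secret containing "$(OTHER)"
// cannot pull a second secret in. Names without a value are returned.
func expand(tmpl string, vars map[string]string) (string, []string) {
	var out strings.Builder
	var missing []string
	for i := 0; i < len(tmpl); i++ {
		if tmpl[i] != '$' || i+1 == len(tmpl) {
			out.WriteByte(tmpl[i])
			continue
		}
		switch tmpl[i+1] {
		case '$': // escaped operator: "$$" -> "$"
			out.WriteByte('$')
			i++
		case '(':
			end := strings.IndexByte(tmpl[i+2:], ')')
			if end < 0 { // unterminated reference stays literal text
				out.WriteByte('$')
				continue
			}
			name := tmpl[i+2 : i+2+end]
			if val, ok := vars[name]; ok {
				out.WriteString(val)
			} else {
				missing = append(missing, name)
				out.WriteString(tmpl[i : i+3+end])
			}
			i += 2 + end
		default:
			out.WriteByte('$')
		}
	}
	return out.String(), missing
}

func main() {
	// Constructed sample values (not real credentials); expand is a hypothetical helper.
	vars := map[string]string{"SLACK_API_URL": "https://hooks.example.invalid/T000"}
	out, missing := expand("url: $(SLACK_API_URL)\nkey: $(OPSGENIE_API_KEY)\n", vars)
	fmt.Printf("%sunresolved: %v\n", out, missing)
}
```

A reconciler built this way can decline to write the rendered Secret while `missing` is non-empty, so a workload never receives a literal `$(NAME)` in place of a credential.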

Installation

kubectl apply -f manifest/*.yaml

Example

Input

apiVersion: secrets.mz.com/v1alpha1
kind: ConfigMapSecret
metadata:
  name: alertmanager-config
  namespace: monitoring
  labels:
    app: alertmanager
spec:
  template:
    metadata:
      # optional: name defaults to same as ConfigMapSecret
      name: alertmanager-config
      labels:
        app: alertmanager
    data:
      alertmanager.yaml: |
          global:
            resolve_timeout: 5m
            opsgenie_api_key: $(OPSGENIE_API_KEY)
            slack_api_url: $(SLACK_API_URL)
          route:
            receiver: default
            group_by: ["alertname", "job", "team"]
            group_wait: 30s
            group_interval: 5m
            repeat_interval: 12h
            routes:
              - receiver: foobar-sre
                match:
                  team: foobar-sre
              - receiver: widget-sre
                match:
                  team: widget-sre
          receivers:
            - name: default
              slack_configs:
                - channel: unrouted-alerts
            - name: foobar-sre
              opsgenie_configs:
                - responders:
                    - name: foobar-sre
                      type: team
              slack_configs:
                - channel: foobar-sre-alerts
            - name: widget-sre
              opsgenie_configs:
                - responders:
                    - name: widget-sre
                      type: team
              slack_configs:
                - channel: widget-sre
  vars:
    - name: OPSGENIE_API_KEY
      secretValue:
        name: alertmanager-keys
        key: opsgenieKey
    - name: SLACK_API_URL
      secretValue:
        name: alertmanager-keys
        key: slackURL
---
apiVersion: v1
kind: Secret
metadata:
  name: alertmanager-keys
  namespace: monitoring
  labels:
    app: alertmanager
stringData:
  opsgenieKey: 9eccf784-bbad-11e9-9cb5-2a2ae2dbcce4
  slackURL: https://hooks.slack.com/services/EFNPN1/EVU44X/J51NVTYSKwuPtCz3
type: Opaque

Output

apiVersion: v1
kind: Secret
metadata:
  name: alertmanager-config
  namespace: monitoring
  labels:
    app: alertmanager
stringData:
  alertmanager.yaml: |
    global:
      resolve_timeout: 5m
      opsgenie_api_key: 9eccf784-bbad-11e9-9cb5-2a2ae2dbcce4
      slack_api_url: https://hooks.slack.com/services/EFNPN1/EVU44X/J51NVTYSKwuPtCz3
    route:
      receiver: default
      group_by: ["alertname", "job", "team"]
      group_wait: 30s
      group_interval: 5m
      repeat_interval: 12h
      routes:
        - receiver: foobar-sre
          match:
            team: foobar-sre
        - receiver: widget-sre
          match:
            team: widget-sre
    receivers:
      - name: default
        slack_configs:
          - channel: unrouted-alerts
      - name: foobar-sre
        opsgenie_configs:
          - responders:
              - name: foobar-sre
                type: team
        slack_configs:
          - channel: foobar-sre-alerts
      - name: widget-sre
        opsgenie_configs:
          - responders:
              - name: widget-sre
                type: team
        slack_configs:
          - channel: widget-sre
type: Opaque