GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → chrisns → kubectl-passman

chrisns / kubectl-passman

Licence: MIT license
kubectl plugin that provides the missing link/glue between common password managers and kubectl

Programming Languages

go
31211 projects - #10 most used programming language

Labels

gnome-keyringkubernetespassword-managerkeychaink8shacktoberfest1passwordcredential-storagecredentials-helperkubernetes-cligopasskubectl-plugins1password-clikubectl-pluginosx-keychainwindows-credential-managerwindows-credential-vault

Projects that are alternatives of or similar to kubectl-passman

kube-lineage
A CLI tool to display all dependencies or dependents of an object in a Kubernetes cluster.
Stars: ✭ 238 (+244.93%)
Mutual labels:  kubectl-plugins, kubectl-plugin
kubectl-gopass
Plugin for kubectl to support reading and writing secrets directly from/to gopass
Stars: ✭ 28 (-59.42%)
Mutual labels:  gopass, kubectl-plugin
kubectl-iexec
Kubectl plugin to interactively exec into a pod
Stars: ✭ 102 (+47.83%)
Mutual labels:  kubectl-plugins, kubectl-plugin
kubectlsafe
Safe operations in kubectl with plugin kubectlsafe
Stars: ✭ 36 (-47.83%)
Mutual labels:  kubectl-plugins, kubectl-plugin
buttercup-importer
🎣 3rd-party archive importer for Buttercup
Stars: ✭ 39 (-43.48%)
Mutual labels:  password-manager, 1password
kubectl-secretdata
A kubectl plugin for viewing decoded Secret data with search flags.
Stars: ✭ 37 (-46.38%)
Mutual labels:  kubectl-plugins, kubectl-plugin
Kubectl Tree
kubectl plugin to browse Kubernetes object hierarchies as a tree 🎄 (star the repo if you are using)
Stars: ✭ 1,962 (+2743.48%)
Mutual labels:  kubectl-plugins, kubectl-plugin
kubectl-janitor
List Kubernetes objects in a problematic state
Stars: ✭ 48 (-30.43%)
Mutual labels:  kubectl-plugins, kubectl-plugin
Chezmoi
Manage your dotfiles across multiple diverse machines, securely.
Stars: ✭ 5,590 (+8001.45%)
Mutual labels:  keychain, 1password
dotfiles
My dotfiles
Stars: ✭ 22 (-68.12%)
Mutual labels:  1password, 1password-cli
kubectl-plugin-ssh-jump
A kubectl plugin to access nodes or remote services using a SSH jump Pod
Stars: ✭ 117 (+69.57%)
Mutual labels:  kubectl-plugins, kubectl-plugin
slab
sudolikeaboss replacement - 1Password utility to interact with iTerm2 and type in your passwords for you.
Stars: ✭ 26 (-62.32%)
Mutual labels:  password-manager, 1password
kubectl-gs
kubectl plugin helping with custom resources by Giant Swarm
Stars: ✭ 36 (-47.83%)
Mutual labels:  kubectl-plugins, kubectl-plugin
terracreds
A Terraform Automation and Collaboration Software credentials helper
Stars: ✭ 47 (-31.88%)
Mutual labels:  credential-storage, credentials-helper
vault
Is a plugin for project management system Redmine. Allows you to store various passwords/keys in one place for the project.
Stars: ✭ 44 (-36.23%)
Mutual labels:  password-manager, keychain
Gokey
A simple vaultless password manager in Go
Stars: ✭ 305 (+342.03%)
Mutual labels:  password-manager, keychain
Gopassbridge
A web extension for firefox and chrome to insert login credentials from gopass
Stars: ✭ 182 (+163.77%)
Mutual labels:  password-manager
Keepass2android
Password manager app for Android
Stars: ✭ 2,887 (+4084.06%)
Mutual labels:  password-manager
Authorizer
Authorizer is a Password Manager for Android. It emulates an HID keyboard over USB and enters your credentials on your target device. Additionally it supports OTP 🔑📴
Stars: ✭ 172 (+149.28%)
Mutual labels:  password-manager
Buttercup Browser Extension
🌏 Buttercup browser extension
Stars: ✭ 164 (+137.68%)
Mutual labels:  password-manager
View All Similar Projects ➔

kubectl user password manager glue

CI status badge LICENSE GitHub watchers GitHub stars GitHub forks GitHub issues GitHub closed issues GitHub pull requests GitHub closed pull requests GitHub repo size GitHub contributors GitHub last commit Go Report Card

An easy way to store your kubernetes credentials in a keychain or password manager

Does your ~/.kube/config look like this:

apiVersion: v1
kind: Config
users:
- name: my-prod-user
  user:
    token: <REAL TOKEN!>
- name: docker-desktop
  user:
    client-certificate-data: <REAL CERT!>
    client-key-data: <REAL PRIVATE KEY!>

😱 😱 😱 😱

Do you scold your parents 👨‍🏫/👩‍🏫 for maintaining a passwords.doc on their desktop?

Then you need kubectl-passman!

Works with (more coming)

Provider Supports Example command
keychain Mac OS Keychain
GNOME Keyring
Windows Credential Manager		 kubectl passman keychain [item] [token]
1password 1password
requires 1password cli		 kubectl passman 1password [item] [token]
gopass gopass kubectl passman gopass [item] [token]

Installation

# with krew (recommended)
kubectl krew install passman

# get a binary from https://github.com/chrisns/kubectl-passman/releases/latest
# place it in PATH and make sure it's called kubectl-passman

# use go to get the most recent
go install github.com/chrisns/kubectl-passman

Usage

You need to JSON encode the credentials so that should look something like:

{"token":"00000000-0000-0000-0000-000000000000"}

or for a key pair:

{
  "clientCertificateData":"-----BEGIN REAL CERTIFICATE-----\nMIIC9DCCA.......-----END CERTIFICATE-----",
  "clientKeyData":"-----BEGIN REAL RSA PRIVATE KEY-----\nMIIE......-----END REAL RSA PRIVATE KEY-----"
}

or for a key pair from your kube config:

{
  "client-certificate-data":"LS0tLS1CRU...LS0tCg==",
  "client-key-data":"LS0tLS1CRU...LS0tLS0K"
}

If they are already in your kube config, you could retrieve them with something like:

kubectl config view --raw -o json | jq '.users[] | select(.name=="kubectl-prod-user") | .user' -c

Write it to the password manager

kubectl passman keychain kubectl-prod-user '[token]'
# or
kubectl passman 1password kubectl-prod-user '[token]'

## so should look like:
kubectl passman 1password kubectl-prod-user '{"token":"00000000-0000-0000-0000-000000000000"}'
# or
kubectl passman 1password kubectl-prod-user '{"client-certificate-data":"...BASE64_ENCODE...","client-key-data":"...BASE64_ENCODE..."}'

Then add it to the ~/.kube/config:

kubectl config set-credentials \
  kubectl-prod-user \
 --exec-api-version=client.authentication.k8s.io/v1beta1 \
 --exec-command=kubectl-passman \
 --exec-arg=keychain \ # or 1password
 --exec-arg=kubectl-prod-user # name of [item-name] you used when you wrote to the password manager

Build

go build

Note: kubectl-passman will build slightly differently on Darwin (Mac OS) to other operation systems because it uses the go-keychain library that needs libraries that only exist on a mac so that it can natively talk to the keychain. When compiling for other operating systems you'll get go-keyring instead but I've abstracted to make the interactions the same.

Contributing

I ❤️ contributions, it'd be great if you could add support for your favourite password manager, work on something from the TODO or any open issues as a priority, but anything else that takes your fancy too is great, though best to raise an issue to discuss before investing time into it.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].