kustomize generator and transformer plugin for pass managed secrets

kustomize-pass


A kustomize plugin that generates secrets by extracting them from pass, or replaces placeholders in other manifests with values from pass.

Disclaimer

kustomize recently had an issue with the execution of KRM functions (this plugin is one) that prevented this plugin from running under some circumstances. The issue has been resolved in kustomize v5.0.0. See kustomize PR #4654 for more details.

Installation

To build, this package depends on gpgme-rs, which requires the gpgme library and its development files (e.g., headers, gpgme-config) to be installed during the build process. You should install these using your operating system's package manager.

Afterwards, you can install the package either using one of the provided binaries from the releases page or compile and install it yourself by running

cargo install kustomize-pass

Usage

Once kustomize-pass is installed, you can use the generator by providing kustomize with the following example resource manifests.

A detailed description of the supported input manifest is provided in OpenAPI format in schema.openapi.yaml. It can also be generated and printed on demand by the application.

# generator.yml
apiVersion: ftsell.de/v1beta1
kind: PassSecret
metadata:
  name: example-secret
  annotations:
    config.kubernetes.io/function: |
      exec:
        path: kustomize-pass
behavior: create    # can be create, merge or replace
source:             # can also be unspecified to use the store at ~/.password-store
  url: https://github.com/example-user/example-repo.git
data:
  example-key: example-pass-name

# kustomization.yml
apiVersion: kustomize.config.k8s.io/v1beta1
generators:
  - generator.yml

When you run the example above and your password store contains a password named example-pass-name, the following resource is produced:

apiVersion: v1
kind: Secret
metadata:
  name: example-secret
data:
  example-key: foobar123
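
The `exec.path` in a `config.kubernetes.io/function` annotation, as in generator.yml above, names a binary that kustomize will execute, so it is worth checking which binaries a set of manifests would run before building. The script below is an added example, not part of kustomize-pass; the function names, the allowlist file format and the sample manifests are assumptions made for illustration.

```shell
# Added example: list and allowlist-check the binaries that exec KRM
# function annotations in kustomize manifests would run.

# Print each exec.path found under a config.kubernetes.io/function annotation.
exec_paths() {
    awk '
        function indent(s) { match(s, /^ */); return RLENGTH }
        /^[ \t]*$/ { next }
        /config\.kubernetes\.io\/function:/ { base = indent($0); in_fn = 1; in_exec = 0; next }
        in_fn && indent($0) <= base { in_fn = 0 }    # left the annotation block
        in_fn && /^ *exec:/ { in_exec = 1; next }
        in_fn && in_exec && /^ *path:/ {
            sub(/^ *path: */, ""); sub(/ +#.*$/, ""); print
        }
    ' "$1"
}

# Return 0 only if every exec path in the given manifests is listed (one per
# line, exact match) in the allowlist file. Quoted or otherwise unexpected
# values do not match and are reported, so the check fails closed.
audit_exec_functions() {
    allowlist=$1; shift
    violations=$(
        for manifest in "$@"; do
            exec_paths "$manifest" | while IFS= read -r p; do
                grep -Fxq -- "$p" "$allowlist" || echo "$manifest: $p"
            done
        done
    )
    [ -z "$violations" ] && return 0
    printf 'exec functions not in allowlist:\n%s\n' "$violations" >&2
    return 1
}

# Constructed sample input: the annotation from generator.yml above, plus a
# manifest pointing at a hypothetical binary nobody has reviewed.
demo_dir=$(mktemp -d)
printf '%s\n' 'metadata:' '  annotations:' '    config.kubernetes.io/function: |' \
    '      exec:' '        path: kustomize-pass' 'behavior: create' > "$demo_dir/generator.yml"
printf '%s\n' 'metadata:' '  annotations:' '    config.kubernetes.io/function: |' \
    '      exec:' '        path: ./unreviewed-plugin' > "$demo_dir/other.yml"
echo 'kustomize-pass' > "$demo_dir/allowlist.txt"

audit_exec_functions "$demo_dir/allowlist.txt" "$demo_dir/generator.yml" && echo "generator.yml: ok"
audit_exec_functions "$demo_dir/allowlist.txt" "$demo_dir/other.yml" || echo "other.yml: blocked"
```

Run a check like this over the generator and transformer manifests before `kustomize build --enable-alpha-plugins --enable-exec`, the flags kustomize requires for exec functions.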