Git Product home page Git Product logo

helm-secrets's People

Contributors

benlangfeld avatar grzegorzlyczba avatar helgi avatar jacobsvante avatar jrnt30 avatar lbogdan avatar mattclegg avatar maver1ck avatar mhyllander avatar morgoth avatar mumoshu avatar novas0x2a avatar sandywang1982 avatar snebel29 avatar sstarcher avatar szibis avatar

Watchers

avatar avatar avatar

helm-secrets's Issues

Add support for HashiCorp Vault

Preamble

I have added basic support for HashiCorp Vault with this commit bbd02c1.

Features

Implemented Features

  • secret value storage in vault
  • secret value retrieval from vault

Unimplemented Features

  • working with helm-wrapper
    • on-the-fly decryption for use with install/upgrade/diff/lint
  • ability to change plaintext secret deliminator (currently hard-coded as "changeme")
  • ability to change the path that secrets are stored to in Vault
  • hide secret data on input/do not show on output
  • helm secrets clean appears to be broken, though it is unmodified
  • view support
  • edit support

Untested Features

  • multi-line secret values

Unplanned Features

  • non-K/V secrets
  • non-text secrets

Documentation

Prerequisites

  • Working Vault server
  • Vault agent setup on local machine
    • $VAULT_ADDR
    • $VAULT_TOKEN (or other auth configuration)

Workflow

  1. Modify your values.yaml files to change your secret values to 'changeme'
  2. Run helm secrets enc values.yaml
    1. You will be prompted to enter secret values for each 'changeme' found
    2. The entered secret values will be written to Vault
    3. You will be presented with the path where the secrets are stored
  3. Run helm secrets dec values.yaml
    1. You will be presented with the found secret values from Vault
    2. These secret values will automatically be substituted into values.yaml and stored at values.yaml.dec
  4. Run 'helm secrets install --name [name] -f values.yaml.dec stable/[chart]`
    1. Helm will install your chart with the secrets stored in values.yaml.dec
  5. Clean up by running rm values.yaml.dec

Misc.

Support/Questions

If you have any questions or run into issues, open an issue at Just-Insane/helm-secrets or futuresimple/helm-secrets and @Just-Insane

Feature Requests

If you would like to suggest a new feature, open an issue at Just-Insane/helm-secrets or futuresimple/helm-secrets and @Just-Insane

Standalone Code

The standalone code for converting yaml into Vault secrets can be found here: Just-Insane/helm-vault. It is (nearly) the same code that is integrated into helm-secrets

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.