secret-sync

command module
v0.0.0-...-c9c9695 Latest
Published: Jan 3, 2023 License: GPL-3.0 Imports: 7 Imported by: 0

README

Secret Sync

This tool copies secrets from AWS Secrets Manager to Kubernetes Secrets. With this tool it is not necessary to use the Kubernetes Secrets Store CSI Driver if you only need to send the entire secret from AWS to a Kubernetes Secret. The secrets it creates carry the label created_by=secret-sync; if one of those secrets is removed from the secret-sync configuration, the secret will be removed.
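The label-based cleanup described above, sketched in Go as an added example (not the project's own code): `Plan`, `Entry` and `Existing` are hypothetical names, and skipping a destination that already exists without the label is an assumption of this sketch, not documented behaviour of secret-sync.

```go
package main

import (
	"fmt"
	"sort"
)

// Entry mirrors one item of the `secrets:` list in values.yaml.
type Entry struct{ Provider, Source, Dest, Namespace string }

// Existing is a hypothetical, minimal view of a Secret already in the cluster.
type Existing struct {
	Namespace, Name string
	Labels          map[string]string
}

// Plan decides what one sync pass does. Only Secrets labelled
// created_by=secret-sync count as owned, so only those can be deleted.
func Plan(cfg []Entry, cluster []Existing) (apply, remove, conflict []string) {
	want := map[string]bool{}
	for _, e := range cfg {
		want[e.Namespace+"/"+e.Dest] = true
	}
	for _, s := range cluster {
		key := s.Namespace + "/" + s.Name
		owned := s.Labels["created_by"] == "secret-sync"
		switch {
		case want[key] && !owned: // assumption: never overwrite a foreign Secret
			conflict = append(conflict, key)
			delete(want, key)
		case !want[key] && owned: // dropped from the configuration
			remove = append(remove, key)
		}
	}
	for key := range want {
		apply = append(apply, key)
	}
	sort.Strings(apply) // map iteration order is random
	return apply, remove, conflict
}

func main() {
	// Constructed sample; only dev-new-example-secret comes from the README.
	cfg := []Entry{{"aws", "dev-new-example-secret", "dev-new-example-secret", "default"}}
	stale := Existing{"default", "old-synced", map[string]string{"created_by": "secret-sync"}}
	fmt.Println(Plan(cfg, []Existing{stale, {"default", "app-tls", nil}}))
}
```

Unlabelled Secrets that are not in the configuration never appear in any of the three lists, which is what keeps the cleanup from touching Secrets the tool did not create.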

How to run.

  • Attach a role that can read the AWS secrets
  • Attach a ServiceAccount that is allowed to manage Secrets
  • Set the INTERVAR environment variable

Run example:

local values file:

cat ~/values.yaml
env:
  "AWS_ACCESS_KEY_ID": "xxxxxxx"
  "AWS_SECRET_ACCESS_KEY": "xxxxxxx"
  "AWS_REGION": "us-west-2"

secrets:
  - provider: aws
    source: dev-new-example-secret
    dest: dev-new-example-secret
    namespace: default

add repo

(⎈ |N/A:N/A)➜  secret_sync git:(dev) helm repo add secret-sync https://csepulveda.github.io/secret-sync/  
(⎈ |N/A:N/A)➜  ~ helm repo add secret-sync https://csepulveda.github.io/secret-sync/
"secret-sync" has been added to your repositories
(⎈ |N/A:N/A)➜  ~ helm repo update secret-sync                                       
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "secret-sync" chart repository
Update Complete. ⎈Happy Helming!⎈

Start minikube cluster

(⎈ |N/A:N/A)➜  ~ minikube start       
😄  minikube v1.27.0 on Darwin 12.6 (arm64)
    ▪ MINIKUBE_ACTIVE_DOCKERD=minikube
❗  Kubernetes 1.25.0 has a known issue with resolv.conf. minikube is using a workaround that should work for most use cases.
❗  For more information, see: https://github.com/kubernetes/kubernetes/issues/112135
✨  Automatically selected the docker driver. Other choices: parallels, ssh, qemu2 (experimental)
📌  Using Docker Desktop driver with root privileges
👍  Starting control plane node minikube in cluster minikube
🚜  Pulling base image ...
🔥  Creating docker container (CPUs=2, Memory=5891MB) ...
🐳  Preparing Kubernetes v1.25.0 on Docker 20.10.17 ...
    ▪ Generating certificates and keys ...
    ▪ Booting up control plane ...
    ▪ Configuring RBAC rules ...
🔎  Verifying Kubernetes components...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  Enabled addons: storage-provisioner, default-storageclass
🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

Install helm chart

(⎈ |minikube:default)➜  ~ helm upgrade -i secret-sync secret-sync/secret-sync  -f ~/values.yaml
Release "secret-sync" does not exist. Installing it now.
NAME: secret-sync
LAST DEPLOYED: Mon Sep 26 11:46:42 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None

check logs and secret

(⎈ |minikube:default)➜  ~ kubectl logs deployment/secret-sync  
2022/09/26 14:46:50 running every 120 seconds
2022/09/26 14:46:50 Sync 1 of 1 secrets
(⎈ |minikube:default)➜  ~ kubectl describe secrets/dev-new-example-secret                      
Name:         dev-new-example-secret
Namespace:    default
Labels:       created_by=secret-sync
Annotations:  <none>

Type:  Opaque

Data
====
value1:  5 bytes
value2:  5 bytes
value3:  5 bytes
value4:  5 bytes

TODO

  • Create Tests
  • Evaluate adding support for other kinds of secrets (Azure, GCP, Vault, etc.)

Documentation

There is no documentation for this package.

Directories

Path Synopsis
aws
k8s
