extensible-secrets-generator

command module

v0.0.0-...-02d0393 Latest Latest Go to latest Published: Mar 12, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jkulzer/extensible-secrets-generator

Links

Open Source Insights

README ¶

extensible-secrets-generator

Description

A simple Kubernetes operator to generate secrets with random values

Getting Started

Running on the cluster

Add the Helm repo

helm repo add extensible-secrets-generator https://jkulzer.github.io/extensible-secrets-generator

(Optional) Install with default values

helm install extensible-secrets-generator extensible-secrets-generator/extensible-secrets-generator

Development instance

You can run the operator locally on your machine for development with this command:

make install run

Generating a secret

A example CRD

This creates a secret with the following metadata:

The name name
The namespace default
two keys named KEY and HASH_KEY
it generates the keys using the authelia-hash generator
the length of the key is 10

---
apiVersion: secrets.esg.jkulzer.dev/v1alpha1
kind: Secret
metadata:
  name: test-secret
  namespace: default
spec:
  secret:
    name: name
    namespace: default
  keys:
    - key: KEY
      templateString: "{{ TEST }}"
    - key: HASH_KEY
      templateString: "{{ TEST.hashed }}"
  generators:
     - name: TEST
       type: authelia-hash
       length: 10

Possible CRD options

Secret info

spec:
  secret:
    name: name
    namespace: default
    labels:
      label-that-should-be-present-on-the-secret.k8s.io: true

The spec.secret.labels field will get added to the secret that gets generated

This also works for annotations!

Generator type

Specifies the kind of secret that should be generated. Currently the two options are

string
authelia-hash

---
spec:
  generators:
   - name: ...
     type: string | authelia-hash

String

---
spec:
  generators:
   - name: ...
     type: string
     length: 20
     charset: abcdefghijklmnopqrstuvwxyz

The length key specifies how long the randomly generated secret should be

The charset key specifies what characters the string should contain. Defaults to abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789

the key key specifies under which key the random string should be stored in the Kubernetes secret

authelia-hash

---
apiVersion: secrets.esg.jkulzer.dev/v1alpha1
kind: Secret
metadata:
  name: test-secret
  namespace: default
spec:
  secret:
    name: name
    namespace: default
  keys:
  - name: MY_KEY
    templateString: "{{ TEST }}"
  - name: MY_HASHED_KEY
    templateString: "{{ TEST.hashed }}"
  generators:
  - name: TEST
    type: authelia-hash
    length: 10

The length key specifies how long the randomly generated cleartext secret should be Using GENERATOR_NAME.hashed you can access the Authelia-compatible hashed version of the string

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
v1alpha1 Package v1alpha1 contains API Schema definitions for the secrets v1alpha1 API group +kubebuilder:object:generate=true +groupName=secrets.esg.jkulzer.dev	Package v1alpha1 contains API Schema definitions for the secrets v1alpha1 API group +kubebuilder:object:generate=true +groupName=secrets.esg.jkulzer.dev
controllers

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL