kubectl-passman

command module
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 9, 2019 License: MIT Imports: 10 Imported by: 0

README ΒΆ

kubectl user password manager glue

CI status badge LICENSE GitHub watchers GitHub stars GitHub forks GitHub issues GitHub closed issues GitHub pull requests GitHub closed pull requests GitHub repo size GitHub contributors GitHub last commit

❗ An easy way to store your kubernetes credentials in 1password or Mac OS Keychain (more password managers coming soon)

Does your ~/.kube/config look like this:
apiVersion: v1
kind: Config
users:
- name: my-prod-user
  user:
    token: <REAL TOKEN!>
- name: docker-desktop
  user:
    client-certificate-data: <REAL CERT!>
    client-key-data: <REAL PRIVATE KEY!>

😱 😱 😱 😱

Do you scold your parents πŸ‘¨πŸ«/πŸ‘©πŸ« for maintaining a passwords.doc on their desktop?

Then you need kubectl-passman!

a suggestion of a better name is very welcome, it's not too late to change!

What this kubectl plugin does is glue your kubectl config to a common password manager.

Installation

go install github.com/chrisns/kubectl-passman

Usage

You need to JSON encode the credentials so that should look something like:

{"token":"00000000-0000-0000-0000-000000000000"}

or for a key pair:

{
  "clientCertificateData":"-----BEGIN REAL CERTIFICATE-----\nMIIC9DCCA.......-----END CERTIFICATE-----",
  "clientKeyData":"-----BEGIN REAL RSA PRIVATE KEY-----\nMIIE......-----END REAL RSA PRIVATE KEY-----"
}

If they are already in your kube config, you could retrieve them with something like:

kubectl config view -o json | jq '.users[] | select(.name=="kubectl-prod-user") | .user' -c
Write it to the password manager
kubectl passman keychain kubectl-prod-user '[token]'
# or
kubectl passman 1password kubectl-prod-user '[token]'

## so should look like:
kubectl passman 1password kubectl-prod-user '{"token":"00000000-0000-0000-0000-000000000000"}'

Then add it to the ~/.kube/config:

kubectl config set-credentials \
  kubectl-prod-user \
 --exec-api-version=client.authentication.k8s.io/v1beta \
 --exec-command=passman \
 --exec-arg=keychain \ # or 1password
 --exec-arg=kubectl-prod-user # name of [item-name] you used when you wrote to the password manager

Build

go build

Note: kubectl-passman will build slightly differently on Darwin (Mac OS) to other operation systems because it uses the go-keychain library that needs libraries that only exist on a mac so that it can natively talk to the keychain. When compiling for other operating systems you'll get go-keyring instead but I've abstracted to make the interactions the same.

Contributing

I ❀ contributions, it'd be great if you could add support for your favourite password manager, work on something from the TODO or any open issues as a priority, but anything else that takes your fancy too is great, though best to raise an issue to discuss before investing time into it.

Documentation ΒΆ

The Go Gopher

There is no documentation for this package.

Source Files ΒΆ

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.