sealed-secrets-updater

module

v0.4.1 Latest Latest Go to latest Published: Oct 19, 2023 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/juan131/sealed-secrets-updater

Links

Open Source Insights

README ¶

Sealed Secrets Updater

Problem: "I follow GitOps using Sealed Secrets, but I need to manually recreate my manifests whenever my secrets need to be updated."

Solution: Use this tool to automatically track changes in your secrets manager and update your Sealed Secrets manifests.

Supported Secrets Managers
Installation
Usage
Configuration
Tutorials

Supported Secrets Managers

Currently only input secrets files are supported, but we plan to add support for secrets managers in the future such as Vault, AWS Secrets Manager, etc.

Note: It is highly recommended to encrypt your input secrets files using git-crypt or similar tools.

Installation

You can download the corresponding binary for every supported version from releases section. Alternatively, you can use the following commands to install the latest version (assuming linux/amd64):

latest_release_name="$(curl -sH "Accept: application/vnd.github.v3+json" https://api.github.com/repos/juan131/sealed-secrets-updater/releases | jq -r "map(select(.prerelease == false)) | .[0].name")"
latest_version="${latest_release_name#"sealed-secrets-updater-v"}"
curl -sL "https://github.com/juan131/sealed-secrets-updater/releases/download/v${latest_version}/sealed-secrets-updater-${latest_version}-linux-amd64.tar.gz" | tar -xz sealed-secrets-updater
mv sealed-secrets-updater /usr/local/bin/sealed-secrets-updater
chmod +x /usr/local/bin/sealed-secrets-updater

Usage

Basic usage:

sealed-secrets-updater update --config config.json

Run the command below to see the rest available commands:

sealed-secrets-updater help

Configuration

Sealed Secrets Updater uses a configuration file (JSON format) to determine how to update your manifests such as the ones below:

{
  "kubesealConfig": {
    "controllerNamespace": "kube-system",
    "controllerName": "sealed-secrets-controller"
  },
  "secrets": [
    {
      "name": "my-secret",
      "namespace": "default",
      "input": {
        "type": "file",
        "config": {
          "path": "path/to/my-secret-inputs.json"
        }
      },
      "output": {
        "type": "file",
        "config": {
          "path": "path/to/my-sealed-secret.json"
        }
      }
    }
  ]
}

You can find some basic examples in the examples directory to learn how to configure Sealed Secrets Updater to update your manifests using different output types. Please note only two output types are supported at the moment:

apply: Directly apply the new Sealed Secrets to your cluster.
file: Save the new Sealed Secrets to a file.

Note: Refer to the JSON Schema for the full list of available options.

Tutorials

Please refer to the tutorials directory for some tutorials on how to use Sealed Secrets Updater with other tools such as ArgoCD, GitHub Actions, etc.

Directories ¶

Path	Synopsis
cmd
sealed-secrets-updater
internal
k8s
utils
pkg
config
input
output
updater

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL