Please note: We take security and users' trust seriously. If you believe you have found a security issue in Trousseau, please disclose it responsibly by following the security policy.
This is the home of Trousseau, an open-source project that uses the Kubernetes KMS provider framework to connect to Key Management Services the Kubernetes-native way!
Why Trousseau
Kubernetes platform users are all facing the very same question: how to handle Secrets?
While there are significant efforts to improve the Kubernetes component layers, the state of Secret management receives far less attention. Kubernetes keeps API object definitions and state in etcd, and Secret values are only base64-encoded, which is an encoding, not encryption: by default kube-apiserver writes them to etcd as-is, so anyone who can read etcd, or an etcd backup, can recover them. Encrypting the filesystem on which etcd runs protects against a stolen disk, not against that kind of access; the secrets themselves are still not encrypted.
Rather than using the native Kubernetes way to manage secrets, commercial and open-source solutions work around this design flaw with different approaches, each bringing its own toolset and practices. Teams then have to train for and maintain niche skills and tools, which increases the cost and complexity of running Kubernetes.
Once deployed, Trousseau enables seamless secret management through the native Kubernetes API and the kubectl CLI while using an existing Key Management Service (KMS) provider.
How? By using the Kubernetes KMS provider framework: kube-apiserver is pointed at the plugin through its --encryption-provider-config file with a kms provider, and Secrets are then envelope-encrypted on the fly before they reach etcd. Each Secret is encrypted with a fresh data-encryption key (DEK), and the DEK itself is encrypted by the external KMS under a key-encryption key (KEK) that never leaves the KMS; etcd only ever stores the wrapped DEK next to the ciphertext.
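As an added illustration of that envelope scheme (example code written for this page, not Trousseau's own implementation and not the Kubernetes code path), the following Go program plays both roles. The kms type is a hypothetical in-memory stand-in for the gRPC plugin plus external KMS: it only wraps and unwraps DEKs under its KEK and never sees a Secret. The apiserver side generates a DEK per Secret, encrypts the Secret with AES-256-GCM, asks the KMS to wrap the DEK, and stores the wrapped DEK in front of the ciphertext. The two-byte length prefix is this example's own choice, not the Kubernetes wire format, and the sample Secret value is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// kms is a hypothetical in-memory stand-in for the external KMS behind the plugin: it
// holds the key-encryption key (KEK), only wraps and unwraps DEKs, and never sees Secrets.
type kms struct{ kek []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext with AES-GCM under key and returns nonce||ciphertext||tag.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; the GCM tag check rejects a modified byte or a wrong key.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Encrypt and Decrypt model the KMS plugin's gRPC contract: only the DEK ever travels.
func (k *kms) Encrypt(dek []byte) ([]byte, error)     { return seal(k.kek, dek) }
func (k *kms) Decrypt(wrapped []byte) ([]byte, error) { return open(k.kek, wrapped) }

// sealSecret is the apiserver side: fresh DEK per Secret, Secret encrypted under the DEK, DEK
// wrapped by the KMS, len(wrapped)||wrapped||ciphertext stored (length prefix is this example's choice).
func sealSecret(k *kms, secret []byte) ([]byte, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return nil, err
	}
	ct, err := seal(dek, secret)
	if err != nil {
		return nil, err
	}
	wrapped, err := k.Encrypt(dek)
	if err != nil {
		return nil, err
	}
	env := make([]byte, 2, 2+len(wrapped)+len(ct))
	binary.BigEndian.PutUint16(env, uint16(len(wrapped)))
	return append(append(env, wrapped...), ct...), nil
}

// openSecret parses the envelope, has the KMS unwrap the DEK, then decrypts locally.
func openSecret(k *kms, env []byte) ([]byte, error) {
	if len(env) < 2 {
		return nil, errors.New("envelope too short")
	}
	n := int(binary.BigEndian.Uint16(env))
	if len(env) < 2+n {
		return nil, errors.New("envelope truncated")
	}
	dek, err := k.Decrypt(env[2 : 2+n])
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, env[2+n:])
}

func main() {
	kek := make([]byte, 32) // AES-256 KEK; with a real plugin it never leaves the KMS
	if _, err := io.ReadFull(rand.Reader, kek); err != nil {
		panic(err)
	}
	k := &kms{kek: kek}
	env, _ := sealSecret(k, []byte("password=hunter2")) // constructed sample value
	pt, err := openSecret(k, env)
	fmt.Printf("etcd would hold %d opaque bytes; round trip: %q err=%v\n", len(env), pt, err)
}
```

Run it with go run. The property worth checking, and the one Trousseau relies on, is that the stored envelope never contains the plaintext, that a flipped ciphertext bit or a different KEK makes openSecret fail on the GCM tag check, and that recovering a Secret always requires a Decrypt call to the KMS, which is where access control and audit logging for Secret reads can be enforced.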
About the name
The name trousseau comes from French and is usually associated with keys, as in trousseau de clés, meaning keyring.
Contributing Guidelines
We love your input! We want to make contributing to this project as easy and transparent as possible. You can find the full guidelines here.
Please reach out with any questions or issues via our GitHub Discussions.
Alternatively you can:
- Raise an issue or PR on this repo
- Follow us on Twitter @ondat_io
Roadmap
You can view our project board here.
License
Trousseau is under the Apache 2.0 license. See LICENSE file for details.