{"id":13508509,"url":"https://github.com/Soluto/kamus","last_synced_at":"2025-03-30T11:32:05.540Z","repository":{"id":40385411,"uuid":"137323485","full_name":"Soluto/kamus","owner":"Soluto","description":" An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications","archived":false,"fork":false,"pushed_at":"2023-09-28T06:59:32.000Z","size":4421,"stargazers_count":931,"open_issues_count":47,"forks_count":68,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-03-01T09:49:31.559Z","etag":null,"topics":["appsec","devops","gitops","kms","kubernetes","kubernetes-secrets","soluto-open-source"],"latest_commit_sha":null,"homepage":"https://kamus.soluto.io","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Soluto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security.md","support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-06-14T07:38:48.000Z","updated_at":"2025-02-28T18:06:30.000Z","dependencies_parsed_at":"2024-01-07T18:09:13.568Z","dependency_job_id":null,"html_url":"https://github.com/Soluto/kamus","commit_stats":{"total_commits":896,"total_committers":31,"mean_commits":"28.903225806451612","dds":0.7098214285714286,"last_synced_commit":"32596e1038eadd1392e91cf32ed8e238263c4119"},"previous_names":[],"tags_count":165,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Soluto%2Fkamus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Soluto%2Fkamus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Soluto%2Fkamus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Soluto%2Fkamus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Soluto","download_url":"https://codeload.github.com/Soluto/kamus/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246314011,"owners_count":20757450,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","devops","gitops","kms","kubernetes","kubernetes-secrets","soluto-open-source"],"created_at":"2024-08-01T02:00:54.128Z","updated_at":"2025-03-30T11:32:00.531Z","avatar_url":"https://github.com/Soluto.png","language":"C#","readme":"[![Helm Package](https://img.shields.io/badge/helm-latest-blue.svg)](https://hub.helm.sh/charts/soluto/kamus) \n[![Slack](https://img.shields.io/badge/slack-kamus-orange.svg)](https://join.slack.com/t/k8s-kamus/shared_invite/enQtODA2MjI3MjAzMjA1LThlODkxNTg3ZGVmMjVkOTBhY2RmMmRjOWFiOGU2NzQ1ODU4ODNiMDJiZTE5ZTY4YmRiOTM3MjI0MDc0OGFkN2E)\n[![Twitter](https://img.shields.io/twitter/follow/solutoeng.svg?label=Follow\u0026style=popout)](https://twitter.com/intent/tweet?text=Checkout%20Kamus%20secret%20encryption%20for%20Kubernetes\u0026url=https://github.com/Soluto/kamus\u0026via=SolutoEng\u0026hashtags=kubernetes,devops,devsecops) [![CircleCI](https://circleci.com/gh/Soluto/kamus.svg?style=svg)](https://circleci.com/gh/Soluto/kamus)\n\n![logo](images/logo.png)  \n# Kamus\nAn open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications.\nKamus enable users to easily encrypt secrets than can be decrypted only by the application running on Kubernetes.\nThe encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES).\nTo learn more about Kamus, check out the [blog post](https://blog.solutotlv.com/can-kubernetes-keep-a-secret?utm_source=github) and [slides](https://www.slideshare.net/SolutoTLV/can-kubernetes-keep-a-secret).\n## Getting Started\n\nThe simple way to run Kamus is by using the Helm chart:\n```\nhelm repo add soluto https://charts.soluto.io\nhelm upgrade --install kamus soluto/kamus\n```\nRefer to the [installation guide](https://kamus.soluto.io/docs/user/install/) for more details.\nAfter installing Kamus, you can start using it to encrypt secrets.\nKamus encrypt secrets for a specific application, represent by a [Kubernetes Service Account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account).\nCreate a service account for your application, and mount it on the pods running your application.\nNow, when you know the name of the service account, and the namespace it exists in, install Kamus CLI:\n```\nnpm install -g @soluto-asurion/kamus-cli\n```\nUse Kamus CLI to encrypt the secret:\n```\nkamus-cli encrypt --secret super-secret --service-account kamus-example-sa --namespace default --kamus-url \u003cKamus URL\u003e\n```\n*If you're running Kamus locally the Kamus URL will be like `http://localhost:\u003cport\u003e`. So you need to add `--allow-insecure-url` flag to enable http protocol.* \n\nPass the value returned by the CLI to your pod, and use Kamus Decrypt API to decrypt the value.\nThe simplest way to achieve that is by using the init container.\nAn alternative is to use Kamus decrypt API directly in the application code.\nTo make it clearer, take a look on a working [example app](example/README.md).\nYou can deploy this app to any Kubernetes cluster that has Kamus installed, to understand how it works.\n\nHave a question? Something is not clear? Reach out to us on [Kamus Slack](https://join.slack.com/t/k8s-kamus/shared_invite/enQtODA2MjI3MjAzMjA1LThlODkxNTg3ZGVmMjVkOTBhY2RmMmRjOWFiOGU2NzQ1ODU4ODNiMDJiZTE5ZTY4YmRiOTM3MjI0MDc0OGFkN2E)!\n\n## Architecture\nKamus has 3 components:\n* Encrypt API\n* Decrypt API\n* Key Management System (KMS)\n\nThe encrypt and decrypt APIs handle encryption and decryption requests.\nThe KMS is a wrapper for various cryptographic solutions. Currently supported:\n* AES - uses one key for all secrets\n* AWS KMS, Azure KeyVault, Google Cloud KMS - creates one key per service account.\n\nWe look forward to add support for other cloud encryption backends.\n\n\nConsult the [installation guide](https://kamus.soluto.io/docs/user/install) for more details on how to deploy Kamus using the relevant KMS.\n\n### Utilities\nKamus is shipped with 2 utilities that make it easier to use:\n* Kamus CLI - a small CLI that eases the interaction with the Encrypt API. Refer to the [docs](https://github.com/Soluto/kamus/blob/master/cli/README.md) for more details.\n* Kamus init container - a init container that interacts with the Decrypt API. Refer to the [docs](https://github.com/Soluto/kamus/blob/master/init-container/README.md) for more details.\n* CRD Controller - allowing to create native Kubernetes secrets using Kamus. Refer to the [docs](https://kamus.soluto.io/docs/user/crd/) for more details.\n\n## Users\n* [1 Giant Leap Solutions](https://1giantleap.nl/)\n* [UK Hydrographic Office](https://www.ukho.gov.uk/)\n\nUsing Kamus? Open a PR and add your company name here!\n\n## Security\nWe take security seriously at Soluto.\nTo learn more about the security aspects of Kamus refer to the Threat Modeling docs containing all the various threats and mitigations we discussed.\nBefore installing Kamus in production refer to the installation guide to learn the best practices of deploying Kamus securely.\nIn case you find a security issue or have something you would like to discuss refer to our [security.md](security.md) policy.\n\n## Contributing\nFound a bug? Have a missing feature? Please open an issue and let us know.\nWe would like to help you use Kamus!\nPlease notice: Do not report security issues on GitHub.\nWe will immediately delete such issues.\n","funding_links":[],"categories":["Secret generation and management","C#","Secret Management","C# #","K8S-Tools","kubernetes","Ancillary Tools","Security \u0026 Compliance"],"sub_categories":["[Jenkins](#jenkins)","Secrets"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSoluto%2Fkamus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSoluto%2Fkamus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSoluto%2Fkamus/lists"}