{"id":15955698,"url":"https://github.com/aar10n/replacer","last_synced_at":"2025-09-03T19:32:03.576Z","repository":{"id":193151781,"uuid":"482649768","full_name":"aar10n/replacer","owner":"aar10n","description":"A Kubernetes mutating webhook that performs templated replacements on Secrets and ConfigMaps using providers like GCP Secret Manager. Simple and flexible secret management.","archived":false,"fork":false,"pushed_at":"2022-04-18T03:06:27.000Z","size":56,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-12-28T20:11:38.796Z","etag":null,"topics":["gcp-secret-manager","gitops","kubernetes","secret-management"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aar10n.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-04-17T22:45:16.000Z","updated_at":"2024-03-02T19:24:40.000Z","dependencies_parsed_at":"2023-09-07T01:29:40.018Z","dependency_job_id":null,"html_url":"https://github.com/aar10n/replacer","commit_stats":null,"previous_names":["aar10n/replacer"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aar10n%2Freplacer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aar10n%2Freplacer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aar10n%2Freplacer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aar10n%2Freplacer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aar
10n","download_url":"https://codeload.github.com/aar10n/replacer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231913959,"owners_count":18445008,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gcp-secret-manager","gitops","kubernetes","secret-management"],"created_at":"2024-10-07T13:26:17.516Z","updated_at":"2024-12-30T20:50:29.820Z","avatar_url":"https://github.com/aar10n.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kubernetes Replacer\n\nA Kubernetes webhook that performs replacements on Secrets and ConfigMaps using one of the \nsupported \"providers\". It simplifies secret management by allowing you to inject secrets into \nyour application without the use of custom resources. It also allows you to compose secrets \nfrom multiple sources, and in whatever format you want.\n\n## Why?\n\nThis project was heavily inspired by the tool [ArgoCD Vault Plugin](https://github.com/argoproj-labs/argocd-vault-plugin).\nUnlike many other secret management tools, it performs replacements on the yaml before it is applied \nto the cluster. This has the benefit of requiring no custom resources or controllers, and it allows \nyou to compose and combine multiple secrets into a single resource. The downside is that it requires\nyou to install the application into your CI/CD pipeline, and it makes testing locally less convenient.\n\nThis project was created as a way to get the functionality of ArgoCD Vault Plugin into Kubernetes. 
\nThrough the use of a mutating webhook, it performs replacement functionality similar to ArgoCD \nVault Plugin, but it does so as part of the normal `kubectl apply` process.\n\n## Example\n\nThe following example uses the [GoogleSecretManager](#GoogleSecretManager) provider:\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: my-secret\n  annotations:\n    replacer.agb.dev/provider: gcp\nstringData:\n  key1: \u003creplace:my-project/some-secret\u003e\n  secrets.yaml: |\n    \u003creplace:my-project/some-yaml-secret\u003e\n    api_token: \u003creplace:my-project/some-token-secret\u003e\n```\n\n## Providers\n\nA provider is a backend that provides replacements for keys inside of `\u003creplace:\u003e` templates. \nYou can select a default provider with the `replacer.agb.dev/provider` annotation on your resource,\nor with the `\u003creplace(\u003cprovider\u003e):\u003e` template syntax. \n\nCurrently, only the `gcp` provider is supported, but it is very easy to add a new provider and\npull requests are welcome.\n\n#### Provider Configuration\n\nAll provider-specific configuration options are specified via annotations with the\nprefix `replacer.agb.dev/` followed by the provider name, a period, and finally the \nkey. If the type of a parameter is listed as `boolean` or `integer`, the value should \nbe a string representation of the value (e.g. `replacer.agb.dev/key: \"true\"`).\n\n### GoogleSecretManager\n\nProvider for Google Cloud Platform's [Secret Manager](https://cloud.google.com/secret-manager).\n\n#### Usage\n\n```yaml\nmetadata:\n  annotations:\n    replacer.agb.dev/provider: gcp\n```\n\nThe `gcp` provider accepts either the full resource path to the secret or shorter forms which \ninclude just the secret name and project (not necessary if a default project is given). 
The\ndefault version used in all cases where it is not specified is `latest`.\n\nSecret path examples:\n  * `\u003creplace:projects/my-project/secrets/my-secret\u003e` \n  * `\u003creplace:projects/my-project/secrets/my-secret/versions/latest\u003e`\n  * `\u003creplace:projects/my-project/secrets/my-secret/versions/1\u003e`\n  * `\u003creplace:my-project/my-secret\u003e`\n  * `\u003creplace:my-secret\u003e` (only if the `project_id` option is provided)\n\n#### Configuration\n\n| Key          | Type   | Description                                       |\n|--------------|--------|---------------------------------------------------|\n| `project_id` | string | The default project id to use when none is given. |\n\n### AWSSecretManager\n\nPlanned\n\n\n## License\n\nMIT License, see the LICENSE file.\n\n## Notes\n\nThis project was partially bootstrapped with [Kubebuilder](https://github.com/kubernetes-sigs/kubebuilder).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faar10n%2Freplacer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faar10n%2Freplacer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faar10n%2Freplacer/lists"}