{"id":15486774,"url":"https://github.com/chrisns/kubectl-passman","last_synced_at":"2025-04-05T08:07:01.731Z","repository":{"id":39229020,"uuid":"210373778","full_name":"chrisns/kubectl-passman","owner":"chrisns","description":"kubectl plugin that provides the missing link/glue between common password managers and kubectl","archived":false,"fork":false,"pushed_at":"2025-03-19T19:06:07.000Z","size":1419,"stargazers_count":124,"open_issues_count":4,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-29T07:07:04.546Z","etag":null,"topics":["1password","1password-cli","credential-storage","credentials-helper","gnome-keyring","go","golang","gopass","hacktoberfest","k8s","keychain","kubectl-plugin","kubectl-plugins","kubernetes","kubernetes-cli","osx-keychain","password-manager","windows-credential-manager","windows-credential-vault"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chrisns.png","metadata":{"funding":{"github":["chrisns"],"custom":["https://www.paypal.me/cns"]},"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-23T14:17:51.000Z","updated_at":"2025-03-28T18:50:00.000Z","dependencies_parsed_at":"2023-02-18T00:16:01.300Z","dependency_job_id":"514eb99f-b7f9-4320-a96b-f938c4e2822a","html_url":"https://github.com/chrisns/kubectl-passman","commit_stats":null,"previous_names":[],"tags_count":59,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrisns%2Fkubectl-passman","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrisns%2Fkubectl-passman/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrisns%2Fkubectl-passman/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrisns%2Fkubectl-passman/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chrisns","download_url":"https://codeload.github.com/chrisns/kubectl-passman/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247305934,"owners_count":20917208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["1password","1password-cli","credential-storage","credentials-helper","gnome-keyring","go","golang","gopass","hacktoberfest","k8s","keychain","kubectl-plugin","kubectl-plugins","kubernetes","kubernetes-cli","osx-keychain","password-manager","windows-credential-manager","windows-credential-vault"],"created_at":"2024-10-02T06:09:39.656Z","updated_at":"2025-04-05T08:07:01.684Z","avatar_url":"https://github.com/chrisns.png","language":"Go","funding_links":["https://github.com/sponsors/chrisns","https://www.paypal.me/cns"],"categories":["Go"],"sub_categories":[],"readme":"# kubectl user password manager glue\n\n![CI status badge](https://github.com/chrisns/kubectl-passman/workflows/CI%20Pipeline/badge.svg)\n![LICENSE](https://img.shields.io/github/license/chrisns/kubectl-passman)\n![GitHub watchers](https://img.shields.io/github/watchers/chrisns/kubectl-passman?style)\n![GitHub stars](https://img.shields.io/github/stars/chrisns/kubectl-passman)\n![GitHub forks](https://img.shields.io/github/forks/chrisns/kubectl-passman)\n![GitHub issues](https://img.shields.io/github/issues-raw/chrisns/kubectl-passman)\n![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/chrisns/kubectl-passman)\n![GitHub pull requests](https://img.shields.io/github/issues-pr-raw/chrisns/kubectl-passman)\n![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/chrisns/kubectl-passman)\n![GitHub repo size](https://img.shields.io/github/repo-size/chrisns/kubectl-passman)\n![GitHub contributors](https://img.shields.io/github/contributors/chrisns/kubectl-passman)\n![GitHub last commit](https://img.shields.io/github/last-commit/chrisns/kubectl-passman)\n[![Go Report Card](https://goreportcard.com/badge/github.com/chrisns/kubectl-passman)](https://goreportcard.com/report/github.com/chrisns/kubectl-passman)\n\n \u003e :heavy_exclamation_mark: An easy way to store your kubernetes credentials in a keychain or password manager\n\n### Does your `~/.kube/config` look like this:\n\n```yaml\napiVersion: v1\nkind: Config\nusers:\n- name: my-prod-user\n  user:\n    token: \u003cREAL TOKEN!\u003e\n- name: docker-desktop\n  user:\n    client-certificate-data: \u003cREAL CERT!\u003e\n    client-key-data: \u003cREAL PRIVATE KEY!\u003e\n```\n\n## :scream: :scream: :scream: :scream:\u003cbr/\u003e\u003cbr/\u003eDo you scold your parents :man_teacher:/:woman_teacher: for maintaining a `passwords.doc` on their desktop? \u003cbr/\u003e\u003cbr/\u003e Then you need kubectl-passman!\n\n## Works with (more coming)\n\nProvider | Supports | Example command\n--- | --- | ---\nkeychain | [Mac OS Keychain](https://support.apple.com/en-gb/guide/keychain-access/kyca1083/mac) \u003cbr\u003e [GNOME Keyring](https://wiki.gnome.org/Projects/GnomeKeyring) \u003cbr\u003e [Windows Credential Manager](http://blogs.msdn.com/b/visualstudioalm/archive/2015/12/08/announcing-the-git-credential-manager-for-windows-1-0.aspx) | `kubectl passman keychain [item] [token]`\n1password | [1password](https://1password.com/) \u003cbr\u003e requires [1password cli](https://1password.com/downloads/command-line/) | `kubectl passman 1password [item] [token]`\ngopass | [gopass](https://www.gopass.pw/) | `kubectl passman gopass [item] [token]`\n\n## Installation\n\n```bash\n# with krew (recommended)\nkubectl krew install passman\n\n# get a binary from https://github.com/chrisns/kubectl-passman/releases/latest\n# place it in PATH and make sure it's called kubectl-passman\n\n# use go to get the most recent\ngo install github.com/chrisns/kubectl-passman\n```\n\n## Usage\n\nYou need to JSON encode the credentials so that should look something like:\n\n```json\n{\"token\":\"00000000-0000-0000-0000-000000000000\"}\n```\n\nor for a key pair:\n\n```json\n{\n  \"clientCertificateData\":\"-----BEGIN REAL CERTIFICATE-----\\nMIIC9DCCA.......-----END CERTIFICATE-----\",\n  \"clientKeyData\":\"-----BEGIN REAL RSA PRIVATE KEY-----\\nMIIE......-----END REAL RSA PRIVATE KEY-----\"\n}\n```\n\nor for a key pair from your kube config:\n\n```json\n{\n  \"client-certificate-data\":\"LS0tLS1CRU...LS0tCg==\",\n  \"client-key-data\":\"LS0tLS1CRU...LS0tLS0K\"\n}\n```\n\nIf they are already in your kube config, you could retrieve them with something like:\n\n```bash\nkubectl config view --raw -o json | jq '.users[] | select(.name==\"kubectl-prod-user\") | .user' -c\n```\n\n### Write it to the password manager\n\n```bash\nkubectl passman keychain kubectl-prod-user '[token]'\n# or\nkubectl passman 1password kubectl-prod-user '[token]'\n\n## so should look like:\nkubectl passman 1password kubectl-prod-user '{\"token\":\"00000000-0000-0000-0000-000000000000\"}'\n# or\nkubectl passman 1password kubectl-prod-user '{\"client-certificate-data\":\"...BASE64_ENCODE...\",\"client-key-data\":\"...BASE64_ENCODE...\"}'\n```\n\nThen add it to the `~/.kube/config`:\n\n```bash\nkubectl config set-credentials \\\n  kubectl-prod-user \\\n --exec-api-version=client.authentication.k8s.io/v1beta1 \\\n --exec-command=kubectl-passman \\\n --exec-arg=keychain \\ # or 1password\n --exec-arg=kubectl-prod-user # name of [item-name] you used when you wrote to the password manager\n```\n\n## Build\n\n``` bash\ngo build\n```\n\u003e Note: kubectl-passman will build slightly differently on Darwin (Mac OS) to other operation systems because it uses the [go-keychain](https://github.com/keybase/go-keychain) library that needs libraries that only exist on a mac so that it can natively talk to the keychain. When compiling for other operating systems you'll get [go-keyring](https://github.com/zalando/go-keyring) instead but I've abstracted to make the interactions the same.\n\n## Contributing\n\nI :heart: contributions, it'd be great if you could add support for your favourite password manager, work on something from the [TODO](#TODO) or any open issues as a priority, but anything else that takes your fancy too is great, though best to raise an issue to discuss before investing time into it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchrisns%2Fkubectl-passman","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchrisns%2Fkubectl-passman","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchrisns%2Fkubectl-passman/lists"}