{"id":17492099,"url":"https://github.com/imranismail/external-secret","last_synced_at":"2025-08-02T21:33:41.679Z","repository":{"id":49396074,"uuid":"221412786","full_name":"imranismail/external-secret","owner":"imranismail","description":"Kustomize plugin for building external secret from remote datastore","archived":false,"fork":false,"pushed_at":"2023-02-25T01:47:57.000Z","size":118,"stargazers_count":5,"open_issues_count":2,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-22T20:16:34.520Z","etag":null,"topics":["hacktoberfest","kustomize","kustomize-plugin"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/imranismail.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-11-13T08:45:23.000Z","updated_at":"2022-12-09T02:27:46.000Z","dependencies_parsed_at":"2024-06-19T16:23:30.366Z","dependency_job_id":"8bc098f0-0a3f-46fb-8274-a9d34f433faf","html_url":"https://github.com/imranismail/external-secret","commit_stats":{"total_commits":24,"total_committers":1,"mean_commits":24.0,"dds":0.0,"last_synced_commit":"8f2249ae9fdf3cfd9759cb6239abdc4168c0cefe"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/imranismail/external-secret","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imranismail%2Fexternal-secret","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imranismail%2Fexternal-secret/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imranismail%2Fexternal-secret/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imranismail%2Fexternal-secret/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/imranismail","download_url":"https://codeload.github.com/imranismail/external-secret/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imranismail%2Fexternal-secret/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262609002,"owners_count":23336608,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","kustomize","kustomize-plugin"],"created_at":"2024-10-19T08:07:48.082Z","updated_at":"2025-06-29T14:32:23.795Z","avatar_url":"https://github.com/imranismail.png","language":"Go","funding_links":[],"categories":["Secret Management"],"sub_categories":[],"readme":"## Quick Install\n\n```sh\nexport TARGET_PLATFORM=Linux_x86_64\nmkdir -p ~/.config/kustomize/plugin/imranismail.dev/v1/externalsecret\ncd ~/.config/kustomize/plugin/imranismail.dev/v1/externalsecret\ncurl -L https://github.com/imranismail/external-secret/releases/download/v1.0.0/external-secret_1.0.0_$TARGET_PLATFORM.tar.gz | tar xz\nmv external-secret ExternalSecret\nchmod +x ExternalSecret\n```\n\nThe default value of XDG_CONFIG_HOME is \\$HOME/.config.\n\n## Usage\n\nA kustomize exec plugin to generate secret from remote stores. Currently supports AWS SecretsManager\n\nGiven that you have this kustomization:\n\n**kustomization.yaml**\n\n```yaml\napiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\ngenerators:\n  # make sure it is referenced in the .generators list\n  - external-secret.yaml\n```\n\n**external-secret.yaml**\n\n```yaml\napiVersion: imranismail.dev/v1\nkind: ExternalSecret\ntype: Opaque\nmetadata:\n  name: my-secret\n  annotations:\n    whatever: \"whatever\"\n  labels:\n    whatever: \"whatever\"\nspec:\n  # generator options\n  behavior: create\n  disableNameSuffixHash: false\n  # aws secrets manager config\n  secretsManagerConfig:\n    region: \"ap-southeast-1\"\n  dataFrom:\n    - secretsManagerRef:\n        name: \"myapp/production\"\n    - secretsManagerRef:\n        name: \"myapp/production\"\n        # override .spec.secretsManagerConfig.region\n        region: \"ap-northeast-1\"\n  data:\n    # inline values\n    - key: \"DB_HOSTNAME\"\n      value: \"some-custom-hostname\"\n    - key: \"DB_PASSWORD\"\n      valueFrom:\n        secretsManagerRef:\n          name: \"myapp/production\"\n          # look up key in secret\n          key: \"db-password\"\n          # override .secretsManagerConfig.region\n          region: \"ap-northeast-1\"\n    # take the whole secret as a file\n    - key: \"secret.json\"\n      valueFrom:\n        secretsManagerRef:\n          name: \"myapp/production\"\n          # omit key to take the whole secret as a file\n          # key: \"db-password\"\n```\n\nIt outputs this:\n\n```yaml\napiVersion: imranismail.dev/v1\nkind: Secret\nmetadata:\n  name: my-secret\n  annotations:\n    whatever: \"whatever\"\n  labels:\n    whatever: \"whatever\"\ntype: Opaque\ndata:\n  # key and base64 encoded values from remote datastores\n  { { key } }: { { val } }\n```\n\n## Override Logic\n\nCurrently `data` always overrides `dataFrom`. This works similar to Kubernetes Container V1 API for the [`env`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#envvarsource-v1-core) and [`envFrom`](ps://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#envfromsource-v1-core) field.\n\n## AWS Credentials\n\nThis tool relies on the default behavior of the AWS SDK V2 for Go to determine AWS credentials and region.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimranismail%2Fexternal-secret","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fimranismail%2Fexternal-secret","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimranismail%2Fexternal-secret/lists"}