{"id":24946398,"url":"https://github.com/machinezone/configmapsecrets","last_synced_at":"2025-04-10T05:14:54.089Z","repository":{"id":40400594,"uuid":"199754536","full_name":"machinezone/configmapsecrets","owner":"machinezone","description":"A Kubernetes controller to manage configs with a mix of secret and non-secret data","archived":false,"fork":false,"pushed_at":"2023-12-18T22:50:00.000Z","size":25188,"stargazers_count":30,"open_issues_count":6,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-10T05:14:51.942Z","etag":null,"topics":["configmaps","kubernetes","kubernetes-secrets","secrets"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/machinezone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-31T01:28:28.000Z","updated_at":"2024-07-02T23:29:14.000Z","dependencies_parsed_at":"2024-06-19T00:18:00.632Z","dependency_job_id":"a85f1687-dd8c-481d-b2b4-dbdce3ae8490","html_url":"https://github.com/machinezone/configmapsecrets","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machinezone%2Fconfigmapsecrets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machinezone%2Fconfigmapsecrets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machinezone%2Fconfigmapsecrets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machinezone%2Fconfigmapsecrets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/machinezone","download_url":"https://codeload.github.com/machinezone/configmapsecrets/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248161278,"owners_count":21057555,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["configmaps","kubernetes","kubernetes-secrets","secrets"],"created_at":"2025-02-02T20:24:23.239Z","updated_at":"2025-04-10T05:14:54.070Z","avatar_url":"https://github.com/machinezone.png","language":"Go","readme":"# ConfigMapSecrets\n\n[![Release](https://img.shields.io/github/release/machinezone/configmapsecrets)](https://github.com/machinezone/configmapsecrets/releases) [![API Reference](https://img.shields.io/badge/API-reference-blue)](/docs/api.md) [![Go Report Card](https://goreportcard.com/badge/github.com/machinezone/configmapsecrets)](https://goreportcard.com/report/github.com/machinezone/configmapsecrets) [![License](https://img.shields.io/github/license/machinezone/configmapsecrets.svg)](/LICENSE)\n\n### Problem\nI have [a config](https://prometheus.io/docs/alerting/configuration/) that contains a mixture\nof secret and non-secret data. For [some reason](https://github.com/prometheus/alertmanager/issues/504)\nI can't use environment variables to reference the secret data. I want to check my config\ninto source control, keep my secret data secure, and keep my non-secret data easily\nreadable and editable.\n\n### Solution\nUse a [ConfigMapSecret](docs/api.md#configmapsecret) which is safe to store in source control. It's like\na ConfigMap that includes your non-secret data, but it can reference Secret variables, similar to how\n[container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#container-v1-core)\nargs can reference env variables. The controller will expand and render it into a Secret in the same\nnamespace, keeping it updated to reflect changes to the ConfigMapSecret or its referenced variables.\n\nUse [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) to keep your referenced\nSecret data secure.\n\n## Installation\n\n```\nkubectl apply -f manifest/*.yaml\n```\n\n## Example\n\n### Input\n```yaml\napiVersion: secrets.mz.com/v1alpha1\nkind: ConfigMapSecret\nmetadata:\n name: alertmanager-config\n namespace: monitoring\n labels:\n app: alertmanager\nspec:\n template:\n metadata:\n # optional: name defaults to same as ConfigMapSecret\n name: alertmanager-config\n labels:\n app: alertmanager\n data:\n alertmanager.yaml: |\n global:\n resolve_timeout: 5m\n opsgenie_api_key: $(OPSGENIE_API_KEY)\n slack_api_url: $(SLACK_API_URL)\n route:\n receiver: default\n group_by: [\"alertname\", \"job\", \"team\"]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 12h\n routes:\n - receiver: foobar-sre\n match:\n team: foobar-sre\n - receiver: widget-sre\n match:\n team: widget-sre\n receivers:\n - name: default\n slack_configs:\n - channel: unrouted-alerts\n - name: foobar-sre\n opsgenie_configs:\n - responders:\n - name: foobar-sre\n type: team\n slack_configs:\n - channel: foobar-sre-alerts\n - name: widget-sre\n opsgenie_configs:\n - responders:\n - name: widget-sre\n type: team\n slack_configs:\n - channel: widget-sre\n vars:\n - name: OPSGENIE_API_KEY\n secretValue:\n name: alertmanager-keys\n key: opsgenieKey\n - name: SLACK_API_URL\n secretValue:\n name: alertmanager-keys\n key: slackURL\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: alertmanager-keys\n namespace: monitoring\n labels:\n app: alertmanager\nstringData:\n opsgenieKey: 9eccf784-bbad-11e9-9cb5-2a2ae2dbcce4\n slackURL: https://hooks.slack.com/services/EFNPN1/EVU44X/J51NVTYSKwuPtCz3\ntype: Opaque\n```\n\n### Output\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n name: alertmanager-config\n namespace: monitoring\n labels:\n app: alertmanager\nstringData:\n alertmanager.yaml: |\n global:\n resolve_timeout: 5m\n opsgenie_api_key: 9eccf784-bbad-11e9-9cb5-2a2ae2dbcce4\n slack_api_url: https://hooks.slack.com/services/EFNPN1/EVU44X/J51NVTYSKwuPtCz3\n route:\n receiver: default\n group_by: [\"alertname\", \"job\", \"team\"]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 12h\n routes:\n - receiver: foobar-sre\n match:\n team: foobar-sre\n - receiver: widget-sre\n match:\n team: widget-sre\n receivers:\n - name: default\n slack_configs:\n - channel: unrouted-alerts\n - name: foobar-sre\n opsgenie_configs:\n - responders:\n - name: foobar-sre\n type: team\n slack_configs:\n - channel: foobar-sre\n - name: widget-sre\n opsgenie_configs:\n - responders:\n - name: widget-sre\n type: team\n slack_configs:\n - channel: widget-sre\ntype: Opaque\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmachinezone%2Fconfigmapsecrets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmachinezone%2Fconfigmapsecrets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmachinezone%2Fconfigmapsecrets/lists"}