{"id":41937981,"url":"https://github.com/microscaler/secret-manager-controller","last_synced_at":"2026-01-25T18:16:49.520Z","repository":{"id":324195496,"uuid":"1096290127","full_name":"microscaler/secret-manager-controller","owner":"microscaler","description":null,"archived":false,"fork":false,"pushed_at":"2025-12-31T18:34:16.000Z","size":12747,"stargazers_count":0,"open_issues_count":11,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-05T02:29:04.751Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/microscaler.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-14T07:57:48.000Z","updated_at":"2025-11-24T20:01:26.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/microscaler/secret-manager-controller","commit_stats":null,"previous_names":["microscaler/secret-manager-controller"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/microscaler/secret-manager-controller","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microscaler%2Fsecret-manager-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microscaler%2Fsecret-manager-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microscaler%2Fsecret-manager-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microscaler%2Fsecret-manager-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/microscaler","download_url":"https://codeload.github.com/microscaler/secret-manager-controller/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microscaler%2Fsecret-manager-controller/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28756433,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T16:32:25.380Z","status":"ssl_error","status_checked_at":"2026-01-25T16:32:09.189Z","response_time":113,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-25T18:16:49.383Z","updated_at":"2026-01-25T18:16:49.514Z","avatar_url":"https://github.com/microscaler.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secret Manager Controller\n\n**The Missing Bridge Between GitOps and Serverless**\n\nA Kubernetes controller that syncs SOPS-encrypted secrets from GitOps repositories (FluxCD/ArgoCD) to cloud-native secret stores (GCP Secret Manager, AWS Secrets Manager, Azure Key Vault), enabling serverless migration while preserving your GitOps workflow.\n\n## Why This Exists\n\nFinance and platform leadership are mandating cost optimization through serverless adoption. The problem? **SOPS works for Kubernetes, but not serverless.**\n\nWhen secrets exist only inside Kubernetes (encrypted via SOPS), you're left with:\n- ❌ Two parallel worlds of secrets (K8s vs. serverless)\n- ❌ No unified pipeline between GitOps and serverless\n- ❌ Massive friction for teams wanting to migrate workloads\n- ❌ Hidden opportunity costs from manual secret management\n\n**The lack of a unified secret delivery mechanism was holding organizations back from achieving real FinOps savings.**\n\n## What It Does\n\nSecret Manager Controller reads SOPS-encrypted secrets from Git, decrypts them securely inside Kubernetes, and pushes them into cloud-native secret managers:\n\n- ✔ **Google Secret Manager** (GCP)\n- ✔ **AWS Secrets Manager**\n- ✔ **Azure Key Vault**\n\nThis enables:\n- ✅ **Serverless migration** — Unlock workloads previously blocked by secret management\n- ✅ **Reduced cloud bill** — Shrink Kubernetes footprint, move to serverless\n- ✅ **Unified workflow** — One pipeline for K8s and serverless\n- ✅ **GitOps-first** — Preserve your existing SOPS + Git workflow\n\n## Quick Start\n\n```bash\n# Apply CRD\nkubectl apply -f https://raw.githubusercontent.com/microscaler/secret-manager-controller/main/config/crd/secretmanagerconfig.yaml\n\n# Deploy controller\nkubectl apply -k https://github.com/microscaler/secret-manager-controller/config/\n```\n\nSee the [Installation Guide](https://secret-manager-controller.microscaler.io/#/user/getting-started/installation) for detailed setup instructions.\n\n## Documentation\n\n📚 **Comprehensive documentation is available at: [secret-manager-controller.microscaler.io](https://secret-manager-controller.microscaler.io)**\n\n### Getting Started\n- [Installation](https://secret-manager-controller.microscaler.io/#/user/getting-started/installation) - Deploy to your Kubernetes cluster\n- [Quick Start](https://secret-manager-controller.microscaler.io/#/user/getting-started/quick-start) - Create your first SecretManagerConfig\n- [Configuration](https://secret-manager-controller.microscaler.io/#/user/getting-started/configuration) - Configure your cloud provider\n\n### Key Guides\n- [Architecture Overview](https://secret-manager-controller.microscaler.io/#/user/architecture/overview) - Understand how it works\n- [Serverless Integration](https://secret-manager-controller.microscaler.io/#/user/architecture/serverless-integration) - Deploy to CloudRun, Lambda, Functions\n- [GitOps Integration](https://secret-manager-controller.microscaler.io/#/user/guides/gitops-integration) - Integrate with FluxCD or ArgoCD\n- [SOPS Setup](https://secret-manager-controller.microscaler.io/#/user/guides/sops-setup) - Encrypt secrets in Git\n\n### Provider Setup\n- [GCP Setup](https://secret-manager-controller.microscaler.io/#/user/guides/gcp-setup) - Google Cloud Platform configuration\n- [AWS Setup](https://secret-manager-controller.microscaler.io/#/user/guides/aws-setup) - Amazon Web Services configuration\n- [Azure Setup](https://secret-manager-controller.microscaler.io/#/user/guides/azure-setup) - Microsoft Azure configuration\n\n### API Reference\n- [CRD Reference](https://secret-manager-controller.microscaler.io/#/user/api-reference/crd-reference) - Complete CRD documentation\n- [Configuration Options](https://secret-manager-controller.microscaler.io/#/user/api-reference/configuration-options) - All configuration parameters\n- [Provider APIs](https://secret-manager-controller.microscaler.io/#/user/api-reference/provider-apis) - Cloud provider API details\n\n### CLI Tool\n- [MSMCTL CLI](https://secret-manager-controller.microscaler.io/#/user/guides/msmctl-cli) - Command-line tool for managing the controller\n\n## Features\n\n- **GitOps-Agnostic** - Works with FluxCD, ArgoCD, or any GitOps tool\n- **Multi-Cloud Support** - GCP, AWS, and Azure from one controller\n- **SOPS Integration** - Automatically decrypts SOPS-encrypted secrets\n- **Kustomize Support** - Extracts secrets from Kustomize-built configurations\n- **Workload Identity** - Uses Workload Identity/IRSA by default (no credential management)\n- **GitOps-Driven** - Git is the source of truth; cloud providers are synced automatically\n\n## Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](https://secret-manager-controller.microscaler.io/#/contributor/contributing/contributing-guide) for details.\n\nFor development setup, see:\n- [Development Setup](https://secret-manager-controller.microscaler.io/#/contributor/development/setup)\n- [Tilt Integration](https://secret-manager-controller.microscaler.io/#/contributor/development/tilt-integration)\n- [Testing Guide](https://secret-manager-controller.microscaler.io/#/contributor/testing/testing-guide)\n\n## License\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n---\n\n**Questions?** Check out our [troubleshooting guide](https://secret-manager-controller.microscaler.io/#/user/tutorials/troubleshooting) or explore the full [documentation site](https://secret-manager-controller.microscaler.io).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicroscaler%2Fsecret-manager-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmicroscaler%2Fsecret-manager-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicroscaler%2Fsecret-manager-controller/lists"}