{"id":23246480,"url":"https://github.com/openware/kaigara","last_synced_at":"2025-08-20T05:31:57.354Z","repository":{"id":37800881,"uuid":"252834236","full_name":"openware/kaigara","owner":"openware","description":"Devops swiss army knife","archived":false,"fork":false,"pushed_at":"2023-07-26T22:01:42.000Z","size":499,"stargazers_count":14,"open_issues_count":7,"forks_count":12,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-08-18T12:56:10.074Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-03T20:30:27.000Z","updated_at":"2025-07-31T20:19:58.000Z","dependencies_parsed_at":"2024-06-18T19:53:34.852Z","dependency_job_id":"d5f453c0-8d99-49bb-9073-147564696272","html_url":"https://github.com/openware/kaigara","commit_stats":{"total_commits":99,"total_committers":17,"mean_commits":5.823529411764706,"dds":0.8080808080808081,"last_synced_commit":"1e5c85155bc7ec912484af207ae389b1dfc0b78d"},"previous_names":[],"tags_count":87,"template":false,"template_full_name":null,"purl":"pkg:github/openware/kaigara","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openware%2Fkaigara","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openware%2Fkaigara/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openware%2Fkaigara/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openware%2Fkaigara/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openware","download_url":"https://codeload.github.com/openware/kaigara/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openware%2Fkaigara/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271269174,"owners_count":24730085,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-20T02:00:09.606Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-19T07:15:14.842Z","updated_at":"2025-08-20T05:31:56.964Z","avatar_url":"https://github.com/openware.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kaigara\n\nKaigara is an entrypoint/wrapper for commands, CLI's and beyond.\nIt enables teams to build components and deployments with improved configuration and observability our of the box.\n\n## Features\n\n * Fetch configuration from secret storage and inject into target command environment\n * Support the storage of configuration files and env vars into secret storage(Vault KV, MySQL, PostgreSQL, K8s secrets)\n * Restart subprocesses on configuration updates(allows for dynamic configs)\n * Create files on startup from env vars starting with `KNAME_`\n\nSee more in the [docs folder](./docs).\n\n## Configuration\n\nKaigara supports three types of storage - Vault, SQL database and K8s secrets, that can be used with `vault`, `sql` and `k8s` values respectively with env var below:\n\n```sh\nexport KAIGARA_STORAGE_DRIVER=sql\n```\n\nIf you choose Vault, here are the required vars:\n\n```sh\nexport KAIGARA_VAULT_ADDR=http://localhost:8200\nexport KAIGARA_VAULT_TOKEN=changeme\n```\n\nIf you choose SQL driver, then these vars should be set:\n\n```sh\n# Supported SQL drivers are postgres and mysql\nexport KAIGARA_DATABASE_DRIVER=postgres\nexport KAIGARA_DATABASE_HOST=localhost\nexport KAIGARA_DATABASE_PORT=5432\nexport KAIGARA_DATABASE_USER=postgres\nexport KAIGARA_LOG_LEVEL=1\n```\n\nAlso, SQL driver supports name overriding for database, schema and table. Table migration is completely automated, but database and schema should exist beforehand if you specify them:\n```sh\nexport KAIGARA_DATABASE_NAME=kaigara_opendax_uat # by default 'kaigara_*deployment_id*'\nexport KAIGARA_DATABASE_SCHEMA=finex             # by default no schema is used\nexport KAIGARA_DATABASE_TABLE=configs            # by default 'data'\n```\n\nIf you choose K8s secrets driver, KUBECONFIG should be set:\n\n```sh\nexport KUBECONFIG=*path-to-kube-config*\n```\n\nAll storage drivers are created with **encryptor**, that is used to encrypt/decrypt vars in the secret scope:\n\n```sh\n# Supported encryptors are transit (using Vault Transit), aes and plaintext (default)\nexport KAIGARA_ENCRYPTOR=transit\n\n# If you use AES encryption method, you need provide an AES key\nexport KAIGARA_ENCRYPTOR_AES_KEY=changemechangeme\n\n# For Vault transit encryption method, use the following\nexport KAIGARA_VAULT_ADDR=http://localhost:8200\nexport KAIGARA_VAULT_TOKEN=changeme\n```\n\nAfter that in most situation you should set these **platform** vars as well:\n\n```sh\n# Your platform id used as secretspace in secret storage\nexport KAIGARA_DEPLOYMENT_ID=opendax_uat\n\n# [OPTIONAL] App names separated by comma\nexport KAIGARA_APP_NAME=peatio\n\n# Scopes separated by comma\nexport KAIGARA_SCOPES=public,private,secret\n```\n\nIf you are using `kaigara` CLI, you could also set:\n\n```sh\n# If you want to ignore secrets in global app\nexport KAIGARA_IGNORE_GLOBAL=true\n```\n\nExample env vars are stored in [kaigara.env](./examples/kaigara.env).\n\n## Manage secrets\n\n### Vault\n\nTo **list** existing **app names**, run:\n\n```sh\nvault list secret/metadata/$KAIGARA_DEPLOYMENT_ID\n```\n\nTo **list** existing **scopes** for an app name, run:\n```sh\nvault list secret/metadata/$KAIGARA_DEPLOYMENT_ID/$KAIGARA_APP_NAME\n```\n\nTo **read** existing secrets for a given app name and scope, run:\n```sh\nvault read secret/data/$KAIGARA_DEPLOYMENT_ID/$KAIGARA_APP_NAME/$KAIGARA_SCOPES -format=yaml\n```\n\nTo **delete** existing secrets for a given app name and scope, run:\n```sh\nvault delete secret/data/$KAIGARA_DEPLOYMENT_ID/$KAIGARA_APP_NAME/$KAIGARA_SCOPES\n```\n\n**Warning**: Commands above assume that vars `KAIGARA_APP_NAME` and `KAIGARA_SCOPES` are single (doesn't have commas).\n\n### SQL\n\n**Warning**: Queries below assume that you have active connection to Kaigara database, can run queries, and have enough permissions.\n\nThe name of Kaigara database is like `kaigara_$KAIGARA_DEPLOYMENT_ID`.\n\nTo **list** existing **app names**, run:\n\n```sql\nSELECT DISTINCT(app_name) FROM data;\n```\n\nTo **list** existing **scopes** for an app name, run:\n\n```sql\nSELECT DISTINCT(scope) FROM data WHERE app_name = '*app_name*';\n```\n\nTo **read** existing secrets for a given app name and scope, run:\n\n```sql\nSELECT value FROM data WHERE app_name = '*app_name*'AND scope = '*scope*';\n```\n\nTo **delete** existing secrets for a given app name and scope, run:\n\n```sql\nDELETE FROM data WHERE app_name = '*app_name*'AND scope = '*scope*';\n```\n\n### K8s\n\nPrepare K8s deployment variables\n\n```sh\nexport KUBECONFIG=path-to-kube-config\nexport DEPLOYMENT_NS=$(echo $KAIGARA_DEPLOYMENT_ID | sed -e \"s/_/-/g\")\n```\n\nTo **list** existing **app names**, run:\n\n```sh\nkubectl get secret -n ${DEPLOYMENT_NS} | grep kaigara | cut -d \"-\" -f 2 | awk '{ print $1 }' | uniq\n```\n\nTo **list** existing **scopes** for an app name, run:\n\n```sh\nkubectl get secret -n ${DEPLOYMENT_NS} | grep kaigara-${KAIGARA_APP_NAME} | cut -d \"-\" -f 3 | awk '{ print $1 }'\n```\n\nTo **read** existing secrets for a given app name and scope, run:\n\n```sh\nkubectl get secret kaigara-${KAIGARA_APP_NAME}-${KAIGARA_SCOPES} -n ${DEPLOYMENT_NS} \\\n  -o go-template='{{range $k,$v := .data}}{{printf \"%s: \" $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{\"\\n\"}}{{end}}'\n```\n\nTo **delete** existing secrets for a given app name and scope, run:\n\n```sh\nkubectl delete secret kaigara-${KAIGARA_APP_NAME}-${KAIGARA_SCOPES} -n ${DEPLOYMENT_NS}\n```\n\n**Warning**: Commands above assume that vars `KAIGARA_APP_NAME` and `KAIGARA_SCOPES` are single (doesn't have commas).\n\n### Encryptor\n\nEncryptor is used only to encrypt/decrypt vars from `secret` scope.\n\nIf you use `plaintext` (default setting), then there is no encryption and you can read your secrets freely, but in the case of `transit` or `aes` encryption you won't be able to read their contents directly, you'd only see its encrypted version.\n\n#### Transit\n\n**Warning**: If you use `transit` encryptor, make sure to enable Transit engine in Vault:\n\n```sh\nvault secrets enable transit\n```\n\nTo **find out** whether Transit key exists or not:\n\n```sh\nvault list transit/keys | grep *deployment_id*_kaigara_*app_name*\n```\n\nTo **create** a Transit key, run:\n\n```sh\nvault write -f transit/keys/*deployment_id*_kaigara_*app_name*\n```\n\nTo **encrypt** a plain text string, run:\n\n```sh\nvault write transit/encrypt/*deployment_id*_kaigara_*app_name* -plaintext=*text*\n```\n\nTo **decrypt** a cipher text string, run:\n```sh\nvault write transit/decrypt/*deployment_id*_kaigara_*app_name* -ciphertext=*text*\n```\n\n### AES\n\nThe AES encryptor type is implemented with GCM, that currently is not supported by `openssl` CLI tool.\n\nIf you need to debug or just encrypt/decrypt secrets in the same way as Kaigare does it, you can use something like [this](https://github.com/jforissier/aesgcm).\n\n### Using kai CLI\n\n`kai` CLI tool encapsulates all the previously separated tools(`kaidump`, `kaisave`, `kaidump`, `kaidel`) in one. For example, if you ran command `kaidump` before, now you can run it as `kai dump`.\n\nIf you're not sure about any subcommand's usage, run `kai -help` or `kai *cmd* -help`.\n\nYou can set `KAICONFIG` var in your shell to file path and store there **configuration of Kaigara** there to reuse later.\n\nFor example, if a file `~/.kaigara/kaiconf.yaml` with contents of [kaiconf.yaml](./examples/kaiconf.yaml) is created, set `KAICONFIG` to its path and run:\n\n```sh\nkai dump\n```\n\nIt will dump secrets from *peatio* app and *public*, *private* and *secret* scopes, exactly as mentioned in the config.\n\nBut if you run:\n\n```sh\nKAIGARA_SCOPES=private kai dump\n```\n\nThe env var would override the file config and only *private* secrets will be dumped from the configured app.\n\nWith `kai` tool you can also redefine vars by passing values to parameters, so if we will continue with previous command:\n\n```sh\nKAIGARA_SCOPES=private kai dump -s public\n```\n\nThen only *public* secrets will be dumped from the same app.\n\n### Bulk writing secrets to the secret store\n\nTo write secrets from the command line, save in a YAML file with a format similar to [secrets.yaml](./examples/secrets.yaml) and run:\n\n```sh\nkai save -f *filepath*\n```\n\n**Warning**: All scopes to be used by a component **must** be initialized(e.g. `public: {}, private: {}, secret: {}`)\n\nMake sure to wrap numeric and boolean values in quotes(e.g. `\"4269\"`, `\"true\"`), getting errors such as `interface{} is bool|json.Number|etc` is directly linked to unquoted values.\n\nAn example import file look similar to:\n```yaml\nsecrets:\n  global:\n    scopes:\n      private:\n        global_key1: value1\n        global_key2:\n          - value2\n          - value3\n        global_key3:\n          key4: value4\n      public:\n        global_key0: trustworthy\n        global_key1: true\n        global_key2:\n          - value2\n          - value3\n        global_key3:\n          key4: \"1337\"\n          time:\n            to: recover\n        global_key1337: \"1337\"\n      secret:\n        global_key1: just a string\n  peatio:\n      scopes:\n        private:\n          key1: value1\n          key2:\n            - value2\n            - value3\n          key3:\n            key4: value4\n        public:\n          key1: value1\n          key2:\n            - value2\n            - value3\n          key3:\n            key4: value4\n        secret:\n          key1: value1\n```\n\n### Dump and output configs\n\nTo dump and output secrets from the storage, run:\n\n```sh\nkai dump -o *outputs_path*\n```\n\nMake sure you've set `KAIGARA_SCOPES` env var before using `kaidump`.\n\n### Delete configs\n\nTo delete configs from the storage, run:\n\n```sh\nkai del *app.scope.var*\n```\n\nFor example, if you want to delete `finex_database_host` from `secret` scope in `finex` app, you should run:\n\n```sh\nkai del finex.secret.finex_database_host\n```\n\nYou can also delete all entries from a scope:\n\n```sh\nkai del finex.secret.all\n```\n\nOr from the whole app:\n\n```sh\nkai del finex.all.all\n```\n\nOr even all present secrets from the current deployment ID:\n\n```sh\nkai del all.all.all\n```\n\n### Print internal environment variables\n\nTo print all environment variables including the ones loaded by Kaigara from the secret storage, run:\n\n```sh\nkai env\n```\n\nTo print exact environment variable, run:\n\n```sh\nkai env *ENV_NAME*\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenware%2Fkaigara","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenware%2Fkaigara","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenware%2Fkaigara/lists"}