{"id":28376231,"url":"https://github.com/phasehq/kubernetes-secrets-operator","last_synced_at":"2025-09-23T07:07:48.897Z","repository":{"id":207709402,"uuid":"719516160","full_name":"phasehq/kubernetes-secrets-operator","owner":"phasehq","description":"Securely sync secrets and environment variables with Phase in your Kubernetes cluster","archived":false,"fork":false,"pushed_at":"2025-08-11T19:26:33.000Z","size":156318,"stargazers_count":6,"open_issues_count":4,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-08-11T21:20:48.199Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phasehq.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-11-16T10:36:37.000Z","updated_at":"2025-08-02T09:42:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"3c97cb3d-3237-410d-9b54-bc71a4c2f991","html_url":"https://github.com/phasehq/kubernetes-secrets-operator","commit_stats":null,"previous_names":["phasehq/kubernetes-secrets-operator"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/phasehq/kubernetes-secrets-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phasehq%2Fkubernetes-secrets-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phasehq%2Fkubernetes-secrets-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phasehq%2Fkubernetes-secrets-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phasehq%2Fkubernetes-secrets-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phasehq","download_url":"https://codeload.github.com/phasehq/kubernetes-secrets-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phasehq%2Fkubernetes-secrets-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276531910,"owners_count":25658836,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-23T02:00:09.130Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-30T00:05:59.975Z","updated_at":"2025-09-23T07:07:48.877Z","avatar_url":"https://github.com/phasehq.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Phase Kubernetes Operator\n\n### Securely sync secrets and environment variables with Phase in your Kubernetes cluster.\n\n```\n                     @@@\n              @@@@@@@@@@\n          @@@@@@@@@@@@@@@@\n       P@@@@@\u0026@@@?\u0026@@\u0026@@@@@P\n     P@@@@#        @\u0026@    @P@@@\n    \u0026@@@#         *@\u0026      #@@@\u0026\n   \u0026@@@5          \u0026@?       5@@@\u0026\n  Y@@@#          ^@@         #@@@J\n  #@@@7          B@5         7@@@#\n  #@@@?         .@@.         ?@@@#\n  @@@@\u0026         5@G          \u0026@@@7\n   #@@@B        @@^         #@@@B\n    B@@@@      .@#        7@@@@B\n     @@@@@@    \u0026.@       P@@@@@7\n       @@@@@@@@@@@@@@@@@@@@@\n          @@@@@@@@@@@@@@@\n             @@@@@@@@\n             @@@\n```\n\n## Features\n\n- Automatically sync secrets to your Kubernetes cluster\n- End-to-End encryption\n- Automatically redeploy deployments when a secret is updated\n- Sync secrets based on environment (dev, staging, prod), folders and tags\n- Transform secrets via secret processors\n\n```yaml\nmetadata:\n  annotations:\n    secrets.phase.dev/redeploy: \"true\"\n```\n\n## Installation:\n\n### 1. Install the Operator via Helm\n\nAdd the Phase Helm repository and update it:\n\n```fish\nhelm repo add phase https://helm.phase.dev \u0026\u0026 helm repo update\n```\n\nInstall the Phase Secrets Operator:\n\n```fish\nhelm install phase-secrets-operator phase/phase-kubernetes-operator --set image.tag=v1.0.1\n```\n\n    It's best practice to specify the version in production environments to avoid\n    unintended upgrades. Find available versions on our [GitHub\n    releases](https://github.com/phasehq/kubernetes-secrets-operator/releases).\n\n### 2. Create a Service Token Secret in Kubernetes\n\nSecurely create a Service Token Secret using `read` (recommended for more security as it avoids writing the token to disk or shell history)\n\nRun this command, paste the Phase Service Token and hit enter:\n\n```fish\nread -s TOKEN\nkubectl create secret generic phase-service-token \\\n  --from-literal=token=$TOKEN \\\n  --type=Opaque \\\n  --namespace=default\nunset TOKEN\n```\n\nAlternatively, create it directly using `kubectl`:\n\n```fish\nkubectl create secret generic phase-service-token \\\n  --from-literal=token=\u003cTOKEN\u003e \\\n  --type=Opaque \\\n  --namespace=default\n```\n\n### 3. Deploy the Phase Secrets Operator CR (Custom Resource)\n\nCreate a custom resource file: `phase-secrets-operator-cr.yaml`\n\n```yaml\napiVersion: secrets.phase.dev/v1alpha1\nkind: PhaseSecret\nmetadata:\n  name: example-phase-secret\n  namespace: default\nspec:\n  phaseApp: \"the-name-of-your-phase-app\" # The name of your Phase application\n  phaseAppEnv: \"prod\" # OPTIONAL - The Phase application environment to fetch secrets from\n  phaseHost: \"https://console.phase.dev\" # OPTIONAL - URL of the Phase Console instance\n  authentication:\n    serviceToken:\n      serviceTokenSecretReference:\n        secretName: \"phase-service-token\" # Name of the service token with access to your Phase application\n        secretNamespace: \"default\"\n  managedSecretReferences:\n    - secretName: \"my-application-secret\" # Name of the Kubernetes managed secret that Phase will sync\n      secretNamespace: \"default\"\n```\n\nDeploy the custom resource:\n\n```fish\nkubectl apply -f phase-secrets-operator-cr.yaml\n```\n\nWatch for `my-application-secret` managed secret being created:\n\n```fish\nwatch kubectl get secrets\n```\n\nView the secrets:\n\n```fish\nkubectl get secret my-application-secret -o yaml\n```\n\n    The operator automatically synchronizes secrets every 60 seconds.\n\n[Phase Kubernetes Operator - Docs](https://docs.phase.dev/integrations/platforms/kubernetes)\n\n## Development:\n\n1. Install python dependencies\n\n```\npip3 install -r requirements.txt\n```\n\n2. Create a local kind cluster (skip if you have one already setup)\n\n```fish\nkind create cluster\n```\n\n3. Export kindconfig\n\n```\nkind get kubeconfig --name \"kind\" \u003e ~/.kube/config\n```\n\nVerify that the cluster is up:\n\n```\nkubectl get nodes\n```\n\n4. Create a copy of the CR (Custom Resource) and CRD (Custom Resource Definition):\n\n```\ncp cr-template.yaml dev-cr.yaml\n```\n\n```\ncp crd-template.yaml dev-crd.yaml\n```\n\nFeel free to make changes\n\n5. Create a secret in kubernetes containing the Phase Service Token\n\n```fish\nkubectl create secret generic phase-service-token \\\n --from-literal=token=\u003cYOUR_PHASE_SERVICE_TOKEN\u003e \\\n --type=Opaque \\\n --namespace=default\n```\n\n6. Apply the CRD and CR respectively\n\n```fish\nkubectl apply -f dev-crd.yaml\n```\n\n```fish\nkubectl apply -f dev-cr.yaml\n```\n\n7. Start the operator via Kopf\n\n```fish\nkopf run src/main.py\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphasehq%2Fkubernetes-secrets-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphasehq%2Fkubernetes-secrets-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphasehq%2Fkubernetes-secrets-operator/lists"}