{"id":19777186,"url":"https://github.com/ppy/kubernetes-secrets-exporter","last_synced_at":"2025-07-17T18:34:43.151Z","repository":{"id":74645574,"uuid":"527027692","full_name":"ppy/kubernetes-secrets-exporter","owner":"ppy","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-19T14:33:59.000Z","size":56,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-05-01T11:26:26.441Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ppy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-08-20T20:01:10.000Z","updated_at":"2024-05-01T11:26:26.441Z","dependencies_parsed_at":null,"dependency_job_id":"651b33d8-3de6-466e-8bb2-b514ff006aa0","html_url":"https://github.com/ppy/kubernetes-secrets-exporter","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ppy%2Fkubernetes-secrets-exporter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ppy%2Fkubernetes-secrets-exporter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ppy%2Fkubernetes-secrets-exporter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ppy%2Fkubernetes-secrets-exporter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ppy","download_url":"https://codeload.github.com/ppy/kubernetes-secrets-exporter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224221719,"owners_count":17275902,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T05:23:33.313Z","updated_at":"2024-11-12T05:23:33.891Z","avatar_url":"https://github.com/ppy.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kubernetes-secrets-exporter\n\nMicro-service to expose Kubernetes secrets to clients using client certificates over HTTPS\n\n## Architecture\n\nThis application serves secrets to allow-listed clients, both defined in a ConfigMap manifest. It can be deployed in two listening modes:\n- In HTTP mode, the back-end expects a reverse proxy in front of the application to handle HTTPS and client certificate authentication. The back-end trusts the reverse proxy to pass the client certificate subject's common name via the `ssl-client-subject-dn` header. The application must not be exposed to anything but the reverse proxy.\n- In HTTPS mode, the back-end handles the TLS termination and client certificate authentication directly.\n\nThe ConfigMap manifest (name configured by the `CONFIGMAP_NAME` env var, defaults to `kubernetes-secrets-exporter`) contains a single entry: `secrets.json` which lists secrets with allow-listed clients for each.  \nSee the schema in [configmap.schema.json](/configmap.schema.json).\n\n## Deployment \u0026 Usage\n\nWe only support deployment and usage of this micro-service through our Helm chart. See: https://github.com/ppy/helm-charts/tree/master/osu/kubernetes-secrets-exporter\n\n## API\n\nA single API call is available: `/secrets/:secretName/download/:key`.  \nIf authenticated and authorized, this endpoint will deliver the value of the `:key` element inside the secret named `:secretName`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fppy%2Fkubernetes-secrets-exporter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fppy%2Fkubernetes-secrets-exporter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fppy%2Fkubernetes-secrets-exporter/lists"}