https://github.com/argyle-engineering/ksops

A Flexible KRM based Kustomize Plugin for SOPS Encrypted Secrets.
https://github.com/argyle-engineering/ksops

krm kustomize plugin sops

Last synced: about 2 months ago
JSON representation

A Flexible KRM based Kustomize Plugin for SOPS Encrypted Secrets.

• Host: GitHub
• URL: https://github.com/argyle-engineering/ksops
• Owner: argyle-engineering
• License: mit
• Created: 2021-10-17T21:28:17.000Z (over 3 years ago)
• Default Branch: master
• Last Pushed: 2024-06-27T07:13:56.000Z (12 months ago)
• Last Synced: 2024-06-27T08:31:53.550Z (12 months ago)
• Topics: krm, kustomize, plugin, sops
• Language: Go
• Homepage:
• Size: 160 KB
• Stars: 4
• Watchers: 5
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

        
# KSOPS

[![CI Status](https://github.com/argyle-engineering/ksops/actions/workflows/ci.yaml/badge.svg)](https://github.com/argyle-engineering/ksops/actions/workflows/ci.yaml)

KSOPS is a flexible Kustomize KRM-based plugin for SOPS encrypted resources. This repository provides a completely new KRM-based plugin with no affiliation with the existing Go-based ksops plugin.

## Features

- A flexible Kustomize KRM-based plugin for SOPS encrypted resources.

- Provides the ability to fail silently if the generator fails to decrypt files.

- Generates dummy secrets with the `KSOPS_GENERATE_DUMMY_SECRETS` environment variable.

- Example files and PGP key are provided with the repository to test KSOPS.

## Installation

To install KSOPS, download the binary and add it to your path.

TL;DR

For MacOS Arm64:

```shell

export BINARY_PATH=~/go/bin/

gh release download --clobber -R argyle-engineering/ksops --pattern ksops_Darwin_arm64.tar.gz && mkdir ksops && tar -xzvf ksops_Darwin_arm64.tar.gz -C ksops && chmod +x ksops/ksops && mv ksops/ksops $BINARY_PATH && rm -r ksops/ ksops_Darwin_arm64.tar.gz

```

## Usage

To use KSOPS example, follow these steps:

1. Import the GPG key: `gpg --import example/sops_functional_tests_key.asc`.

2. Build and decrypt the example files: `kustomize build --enable-alpha-plugins --enable-exec example/`.

To generate dummy secrets, set the `KSOPS_GENERATE_DUMMY_SECRETS` environment variable to `true`. For example: `KSOPS_GENERATE_DUMMY_SECRETS=TRUE kustomize build --enable-alpha-plugins `.

To allow KSOPS to fail silently, add the following to the generator:

```yaml

apiVersion: argyle.com/v1

kind: ksops

metadata:

  name: secret-generator

  annotations:

    config.kubernetes.io/function: |2-

      exec:

        path: ksops  

fail-silently: true

files:

- ./secret.enc.yaml

```

## Release Process

To release a new version, install `goreleaser` and set your GitHub token:

```shell

brew install goreleaser syft 

export GITHUB_TOKEN="YOUR_GH_TOKEN"

```

Then, create a tag and push it to GitHub:

```shell

git tag -a v0.1.0

git push origin v0.1.0

```

Finally, run the following command:

```shell

goreleaser release

```

or use docker 

```shell

docker buildx build --platform linux/arm64,linux/amd64 -t ksops:v1.0.3 --push .

```