https://github.com/argyle-engineering/ksops
A Flexible KRM based Kustomize Plugin for SOPS Encrypted Secrets.
https://github.com/argyle-engineering/ksops
krm kustomize plugin sops
Last synced: about 2 months ago
JSON representation
A Flexible KRM based Kustomize Plugin for SOPS Encrypted Secrets.
- Host: GitHub
- URL: https://github.com/argyle-engineering/ksops
- Owner: argyle-engineering
- License: mit
- Created: 2021-10-17T21:28:17.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-06-27T07:13:56.000Z (12 months ago)
- Last Synced: 2024-06-27T08:31:53.550Z (12 months ago)
- Topics: krm, kustomize, plugin, sops
- Language: Go
- Homepage:
- Size: 160 KB
- Stars: 4
- Watchers: 5
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# KSOPS
[](https://github.com/argyle-engineering/ksops/actions/workflows/ci.yaml)
KSOPS is a flexible Kustomize KRM-based plugin for SOPS encrypted resources. This repository provides a completely new KRM-based plugin with no affiliation with the existing Go-based ksops plugin.
## Features
- A flexible Kustomize KRM-based plugin for SOPS encrypted resources.
- Provides the ability to fail silently if the generator fails to decrypt files.
- Generates dummy secrets with the `KSOPS_GENERATE_DUMMY_SECRETS` environment variable.
- Example files and PGP key are provided with the repository to test KSOPS.## Installation
To install KSOPS, download the binary and add it to your path.
TL;DR
For MacOS Arm64:
```shell
export BINARY_PATH=~/go/bin/gh release download --clobber -R argyle-engineering/ksops --pattern ksops_Darwin_arm64.tar.gz && mkdir ksops && tar -xzvf ksops_Darwin_arm64.tar.gz -C ksops && chmod +x ksops/ksops && mv ksops/ksops $BINARY_PATH && rm -r ksops/ ksops_Darwin_arm64.tar.gz
```## Usage
To use KSOPS example, follow these steps:
1. Import the GPG key: `gpg --import example/sops_functional_tests_key.asc`.
2. Build and decrypt the example files: `kustomize build --enable-alpha-plugins --enable-exec example/`.To generate dummy secrets, set the `KSOPS_GENERATE_DUMMY_SECRETS` environment variable to `true`. For example: `KSOPS_GENERATE_DUMMY_SECRETS=TRUE kustomize build --enable-alpha-plugins `.
To allow KSOPS to fail silently, add the following to the generator:
```yaml
apiVersion: argyle.com/v1
kind: ksops
metadata:
name: secret-generator
annotations:
config.kubernetes.io/function: |2-
exec:
path: ksops
fail-silently: true
files:
- ./secret.enc.yaml
```## Release Process
To release a new version, install `goreleaser` and set your GitHub token:
```shell
brew install goreleaser syft
export GITHUB_TOKEN="YOUR_GH_TOKEN"
```Then, create a tag and push it to GitHub:
```shell
git tag -a v0.1.0
git push origin v0.1.0
```Finally, run the following command:
```shell
goreleaser release
```or use docker
```shell
docker buildx build --platform linux/arm64,linux/amd64 -t ksops:v1.0.3 --push .
```