https://github.com/craftypath/kubectl-sops
A kubectl-plugin for SOPS operator https://github.com/craftypath/sops-operator
https://github.com/craftypath/kubectl-sops
kubectl kubernetes kubernetes-operator plugin sops sops-operator
Last synced: about 2 months ago
JSON representation
A kubectl-plugin for SOPS operator https://github.com/craftypath/sops-operator
- Host: GitHub
- URL: https://github.com/craftypath/kubectl-sops
- Owner: craftypath
- License: apache-2.0
- Created: 2020-05-15T13:44:01.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2021-02-15T22:45:44.000Z (over 5 years ago)
- Last Synced: 2025-03-30T08:32:43.898Z (over 1 year ago)
- Topics: kubectl, kubernetes, kubernetes-operator, plugin, sops, sops-operator
- Language: Go
- Homepage:
- Size: 214 KB
- Stars: 2
- Watchers: 1
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# kubectl-sops
[](https://opensource.org/licenses/Apache-2.0)

A `kubectl` plugin for creating `SopsSecret` resources.
See https://github.com/craftypath/sops-operator.
The plugin automatically encrypts data using [Mozilla SOPS](https://github.com/mozilla/sops) and wraps them into a `SopsSecret`.
The interface is the same as that of `kubectl create secret`.
Additional args for SOPS must be passed after the `--` delimiter.
## Installation
Download a release for your platform and add it to the `PATH`.
A distribution via [Krew](https://krew.sigs.k8s.io/) is planned.
## Examples
### From literal values
```console
kubectl sops create secret generic test-secret --from-literal foo=foo_secret --from-literal bar=bar_secret -- \
--kms arn:aws:kms:eu-central-1:123456789012:key/ffad06af-a6cc-43e5-ad61-51db75d17c77
```
### From file
```console
kubectl sops create secret generic test-secret --from-file test.yaml -- \
--kms arn:aws:kms:eu-central-1:123456789012:key/ffad06af-a6cc-43e5-ad61-51db75d17c77
```
### From file printing resulting YAML without applying it
```console
kubectl sops create secret generic test-secret --from-literal foo.yaml="bar: barvalue" --dry-run -o yaml -- \
--kms arn:aws:kms:eu-central-1:123456789012:key/ffad06af-a6cc-43e5-ad61-51db75d17c77
```