Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/craftypath/sops-operator

A Kubernetes operator for Mozilla SOPS
https://github.com/craftypath/sops-operator

aws azure cloud devops gcp infra kms kubernetes kubernetes-operator secrets-management sops

Last synced: 2 days ago
JSON representation

A Kubernetes operator for Mozilla SOPS

Host: GitHub
URL: https://github.com/craftypath/sops-operator
Owner: craftypath
License: apache-2.0
Created: 2020-04-17T21:14:51.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2024-01-25T23:52:00.000Z (10 months ago)
Last Synced: 2024-05-22T14:32:00.455Z (6 months ago)
Topics: aws, azure, cloud, devops, gcp, infra, kms, kubernetes, kubernetes-operator, secrets-management, sops
Language: Go
Homepage:
Size: 718 KB
Stars: 27
Watchers: 5
Forks: 9
Open Issues: 9
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# SOPS Operator

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
![](https://github.com/craftypath/sops-operator/workflows/CI/badge.svg?branch=master)

A Kubernetes operator for [Mozilla SOPS](https://github.com/mozilla/sops).

## Overview

Put SOPS-encrypted data into a `SopsSecret` which can then be committed to a Git repository.
Once deployed on a Kubernetes cluster, the SOPS Operator will decrypt the data and create a standard Kubernetes `Secret` from it.

*Example for a SopsSecret:*

```yaml
apiVersion: craftypath.github.io/v1alpha1
kind: SopsSecret
metadata:
name: test-secret
spec:
metadata:
labels:
mylabel: mylabelvalue
annotations:
myannotation: myannotationvalue
stringData:
test.yaml: |
test: ENC[AES256_GCM,data:xo8jZTsQ,iv:DTouw1kgBLok6BbR5vx8366fFavV70QeCWGNQPhNb9s=,tag:RAjeoNhvGUezdOS4YOorfA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv:
- vault_url: https://myakskeyvault12345567.vault.azure.net
name: sops
version: 08faa451b1d04b8bacec0395fc8539f1
created_at: '2020-05-01T19:42:49Z'
enc: DvZNm3tfyoyWibQcVPts9ODRPs3aaHbRaXOPIx1Ukypa2nPmU4RCTchBPUoqscIxDjKpSy9k6A_dfE8XAu8-XrEyuOGCEy-i6Q1OtZSGW1XnWfWXPic5TF7XCVz_08h1My1RzVUr51PPNX9uazCqQeUTfBx05KC1bT3entgfttHp-98uZkZNaI8IUUnPGCH8bZzthsXRSvRQpbZcNoOW3y04pLAVYN3xVSOdDWQSElmntg_t7eVdCsmj4iXrC-J80VPU6BoZetcsQhOLjAhXHEYMOP7fqjd2bXob59Ad8rblUDwwtcZrku5lF_LVvAKGBURxockQXmEuVAjqha1SyA
lastmodified: '2020-05-01T19:42:50Z'
mac: ENC[AES256_GCM,data:L4YfHJ59L+/YFMTizeSmEz3QiFbNYoRBVeAJNbHOCUU0W7Iv/WfGnZuNnG5c3gOELYafc812CxCFHYwoLK0bLxOd+KHwGp5IBZ7zqrg91e04V/7Tc3iEYCE3YuTQZ56XMeSSKsct7HT7jxzmVMjW0ozJ06vzQCEC/Ljsl2NfFNs=,iv:RiBXtk6Gpc/MZvDRaGKlvA8A0K7E7bGdhs8tVa6LL5w=,tag:hwnh954tiRC/VBp6LQ6nPg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.5.0
```

*Here's the Secret that's created from it:*

```yaml
apiVersion: v1
kind: Secret
metadata:
name: test-secret
labels:
mylabel: mylabelvalue
annotations:
myannotation: myannotationvalue
data:
test.yaml: dGVzdDogdGVzdHZhbHVlCg==
```

## Installation

A Helm chart is available in our charts repo at https://github.com/craftypath/helm-charts.

```console
helm repo add craftypath https://craftypath.github.io/helm-charts
helm install craftypath/sops-operator
```

Check out the chart's documentation for configuration options.