https://github.com/plumber-cd/kubectl-credentials-helper
This is a kubectl credentials helper. It is using your local OS keychain to store sensitive content of your KUBECONFIG.
https://github.com/plumber-cd/kubectl-credentials-helper
credentials-helper keychain keyring kubectl kubernetes
Last synced: 10 months ago
JSON representation
This is a kubectl credentials helper. It is using your local OS keychain to store sensitive content of your KUBECONFIG.
- Host: GitHub
- URL: https://github.com/plumber-cd/kubectl-credentials-helper
- Owner: plumber-cd
- License: apache-2.0
- Created: 2022-05-12T03:15:26.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2022-05-15T01:23:18.000Z (about 4 years ago)
- Last Synced: 2025-04-14T22:33:48.650Z (about 1 year ago)
- Topics: credentials-helper, keychain, keyring, kubectl, kubernetes
- Language: Go
- Homepage:
- Size: 82 KB
- Stars: 6
- Watchers: 4
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# kubectl-credentials-helper
This is a `kubectl` credentials helper. It is using your local OS keychain to store sensitive content of your `KUBECONFIG`.
To install:
```bash
go install github.com/plumber-cd/kubectl-credentials-helper
```
You can also download this from releases.
To secure your existing `KUBECONFIG`, use:
```bash
kubectl-credentials-helper secure --kubeconfig path
```
If `--kubeconfig` was not provided - it will try to find `KUBECONFIG` env variable and as a last resort - default user home `~/.kube/config`.
This will save all sensitive info from a local `KUBECONFIG` to your OS specific keychain. Sensitive considered the following:
- `.user.username`
- `.user.password`
- `.user.client-certificate-data`
- `.user.client-key-data`
For user entries that it finds, it will replace in your `KUBECONFIG` with the following:
```yaml
apiVersion: v1
kind: Config
users:
- name:
user:
exec:
apiVersion: client.authentication.k8s.io/v1
command: kubectl-credentials-helper
provideClusterInfo: true
interactiveMode: Never
```
Now, every time you are trying to access this cluster - the helper will fetch sensitive info from OS specific keychain.