https://github.com/rafi/kubectl-pass

kubectl plugin for integration with pass (the standard unix password manager)
https://github.com/rafi/kubectl-pass

auth k8s kubectl kubectl-plugins kubernetes pass

Last synced: 1 day ago
JSON representation

kubectl plugin for integration with pass (the standard unix password manager)

• Host: GitHub
• URL: https://github.com/rafi/kubectl-pass
• Owner: rafi
• Created: 2019-07-15T14:54:46.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2019-07-16T05:52:54.000Z (over 5 years ago)
• Last Synced: 2025-04-10T04:05:41.208Z (5 days ago)
• Topics: auth, k8s, kubectl, kubectl-plugins, kubernetes, pass
• Language: Shell
• Size: 3.91 KB
• Stars: 6
• Watchers: 1
• Forks: 1
• Open Issues: 1
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-kubectl-plugins - kubectl-pass - pass)](https://github.com/rafi/kubectl-pass/stargazers) | (kubectl Plugins / Installing plugins via awesome-kubectl-plugins)

README

        
# kubectl-pass

> Authentication and secret management with [pass] and [kubectl]

> integration. Works as a standalone script, or kubectl plugin.

>

> `pass`, the standard Unix password manager, is a powerful way to store

> your valuable secrets with GPG keys.

> Read about it more at [passwordstore.org].

## Table of Contents

* [Pre-requisites](#pre-requisites)

* [Install](#install)

* [Commands](#commands)

  * [Auth](#auth)

* [See Also](#see-also)

* [License](#license)

## Pre-requisites

* [kubectl]

* [pass]

* [jq]

## Install

Copy `kubectl-pass` somewhere in your `$PATH`:

```bash

cd ~/.local/bin

curl -LO https://github.com/rafi/kubectl-pass/raw/master/kubectl-pass

chmod ug+x kubectl-pass

```

Now you can run as a kubectl plugin, standalone, or alias:

```bash

kubectl pass -h

# OR

kubectl-pass -h

# OR

alias kubepass=kubectl-pass

kubepass -h

```

## Commands

* [x] kubectl pass [auth](#auth)

* [ ] kubectl pass [secret](#secret)

### Auth

`kubectl pass auth` reads an encrypted pass file, looks for matching keywords

and returns a Kubernetes `ExecCredential` kind manifest.

For example, if you are using PEM, create a new encrypted pass secret:

```bash

pass edit personal/k8s

```

Fill in these fields: (Make sure they are already base64 encoded)

```yaml

client-certificate-data: LS0...

client-key-data: LS0...

```

Finally, edit your `~/.kube/config` user:

```yaml

users:

- name: personal-admin

  user:

    exec:

      apiVersion: client.authentication.k8s.io/v1beta1

      args:

      - auth

      - pem

      - personal/k8s

      command: kubectl-pass

```

Now try using `kubectl` with the context you've edited. Enjoy!

### Secret

Coming Soon...

## See Also

## License

* MIT

[kubectl]: https://kubernetes.io/docs/tasks/tools/install-kubectl/

[pass]: https://www.passwordstore.org

[passwordstore.org]: https://www.passwordstore.org

[jq]: https://github.com/stedolan/jq