Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/shini4i/kubeseal-auto

An interactive wrapper for kubeseal binary
https://github.com/shini4i/kubeseal-auto

gitops kubeseal sealed-secrets

Last synced: about 2 months ago
JSON representation

An interactive wrapper for kubeseal binary

Host: GitHub
URL: https://github.com/shini4i/kubeseal-auto
Owner: shini4i
License: mit
Created: 2022-03-06T14:02:54.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2024-10-30T06:55:36.000Z (2 months ago)
Last Synced: 2024-11-08T20:14:45.141Z (2 months ago)
Topics: gitops, kubeseal, sealed-secrets
Language: Python
Homepage:
Size: 358 KB
Stars: 16
Watchers: 1
Forks: 2
Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

# kubeseal-auto

kubeseal-auto is an interactive wrapper for kubeseal binary used to encrypt secrets for [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets).

![GitHub Actions](https://img.shields.io/github/actions/workflow/status/shini4i/kubeseal-auto/run-tests.yml?branch=main)
[![codecov](https://codecov.io/gh/shini4i/kubeseal-auto/graph/badge.svg?token=E61B6OYPFX)](https://codecov.io/gh/shini4i/kubeseal-auto)
![PyPI - Python Version](https://img.shields.io/pypi/pyversions/kubeseal-auto?style=plastic)
![PyPI](https://img.shields.io/pypi/v/kubeseal-auto?style=plastic)
![license](https://img.shields.io/github/license/shini4i/kubeseal-auto?style=plastic)

Showcase

## Installation
The recommended way to install this script is [pipx](https://github.com/pypa/pipx):

```bash
pipx install kubeseal-auto
```

## Usage
By default, the script will check the version of sealed-secret controller and download the corresponding kubeseal binary to ~/bin directory.

To run the script in fully interactive mode:
```bash
kubeseal-auto
```

Additionally, a "detached" mode is supported:
```bash
# Download sealed-secrets certificate for local signing
kubeseal-auto --fetch
# Generate SealedSecret with local certificate
kubeseal-auto --cert -kubeseal-cert.crt
```
> [!IMPORTANT]
> In the detached mode `kubeseal-auto` will not download the `kubeseal` binary and will look for it in the system $PATH.

To select kubeconfig context:
```bash
kubeseal-auto --select
```

To append or change key values in the existing secret:
```bash
kubeseal-auto --edit secret-name.yaml
```

To reencrypt all secrets in a directory (not working in a detached mode):
```bash
kubeseal-auto --re-encrypt /path/to/directory
```

To back up the encryption and decryption keys (not working in a detached mode):
```bash
kubeseal-auto --backup
```

## Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.