https://github.com/sleipnir/kube-secret-sync

KubeSecretSync syncs secrets from Vault and other managers to Kubernetes secrets.
https://github.com/sleipnir/kube-secret-sync

Last synced: about 1 year ago
JSON representation

KubeSecretSync syncs secrets from Vault and other managers to Kubernetes secrets.

• Host: GitHub
• URL: https://github.com/sleipnir/kube-secret-sync
• Owner: sleipnir
• License: apache-2.0
• Created: 2024-07-11T18:59:08.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-07-15T14:03:21.000Z (almost 2 years ago)
• Last Synced: 2025-02-09T05:44:34.562Z (over 1 year ago)
• Language: Elixir
• Size: 22.5 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# KubeSecretSync

KubeSecretSync or **KSS** is a simple and efficient tool for synchronizing secrets from Vault and other secret managers into Kubernetes secrets. Unlike more complex solutions, KubeSecretSync offers an easy-to-use interface and straightforward configuration, making it ideal for lightweight and secure secret management in Kubernetes environments.

## Getting Started

KubeSecretSync integrates with your Kubernetes deployments using annotations. Follow the steps below to set up KubeSecretSync in your cluster:

## Installation

1. Deploy KubeSecretSync.

    Apply the KubeSecretSync deployment manifest to your Kubernetes cluster:

```

kubectl apply -f https://path/to/kubesecretsync/deployment.yaml

```

## Usage

2. Annotate Your Deployment

    Add the following annotations to your Kubernetes deployment to specify which secrets to synchronize:

```yaml

apiVersion: apps/v1

kind: Deployment

metadata:

  name: example-app

  annotations:

    kss.io/provider-name: "vault-config"

    kss.io/provider-path: "secret/data/example-app"

    kss.io/provider-keys: "db-username,db-password"

    kss.io/secret-destination: "example-app-secrets"

spec:

  replicas: 1

  selector:

    matchLabels:

      app: example-app

  template:

    metadata:

      labels:

        app: example-app

    spec:

      containers:

      - name: app

        image: example/app:latest

        env:

        - name: DB_USERNAME

          valueFrom:

            secretKeyRef:

              name: example-app-secrets

              key: db-username

        - name: DB_PASSWORD

          valueFrom:

            secretKeyRef:

              name: example-app-secrets

              key: db-password

```