Kamus Init Container
An init container that decrypts secrets using the Kamus decryptor API and writes them to a file.
The simplest way to use the init container is by creating a config map to store the encrypted values:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: encrypted-secrets-cm
data:
  key: 4AD7lM6lc4dGvE3oF+5w8g==:WrcckiNNOAlMhuWHaM0kTw==
```
Use the CLI or direct API calls to encrypt the values. The init container has 2 mounted volumes:
- Encrypted items: mounted from the config map, contains all the encrypted values
- Decrypted items: the init container will write all the decrypted items to this volume. The volume medium is memory for increased security.
Take a look at the deployment of the example app to see how it is all connected. You'll notice the app container and the init container, and you can see the mount settings. Don't forget to mount the decrypted items volume into the container running the app.
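A check for the wiring described above, as an added example that is not part of the Kamus project: it lints a pod spec (a dict, such as parsed JSON output from the cluster) for the config map volume, a memory-backed decrypted volume, and an app container that mounts it. The volume names, mount paths and image placeholders in the sample spec are constructed for illustration.

```python
def _mounts(container):
    """Names of the volumes a container mounts."""
    return {m["name"] for m in container.get("volumeMounts", [])}

def check_kamus_wiring(pod_spec, configmap_name):
    """Return a list of findings for a pod spec; an empty list means the wiring is sound."""
    volumes = {v["name"]: v for v in pod_spec.get("volumes", [])}
    encrypted = {n for n, v in volumes.items()
                 if (v.get("configMap") or {}).get("name") == configmap_name}
    if not encrypted:
        return [f"no volume is sourced from config map {configmap_name!r}"]
    inits = [c for c in pod_spec.get("initContainers", []) if _mounts(c) & encrypted]
    if not inits:
        return ["no init container mounts the encrypted-items volume"]
    findings = []
    # Treat every emptyDir mounted by the init container as a decrypted-items volume.
    decrypted = {n for c in inits for n in _mounts(c) if "emptyDir" in volumes.get(n, {})}
    if not decrypted:
        findings.append("init container has no emptyDir volume to write decrypted items to")
    for name in sorted(decrypted):
        if (volumes[name]["emptyDir"] or {}).get("medium") != "Memory":
            findings.append(f"decrypted volume {name!r} is not memory-backed")
        if not any(name in _mounts(c) for c in pod_spec.get("containers", [])):
            findings.append(f"no app container mounts decrypted volume {name!r}")
    return findings

def _spec(medium, app_mounts):
    """Constructed sample pod spec; image values are placeholders, not real images."""
    return {
        "volumes": [
            {"name": "encrypted-secrets", "configMap": {"name": "encrypted-secrets-cm"}},
            {"name": "decrypted-secrets", "emptyDir": {"medium": medium} if medium else {}},
        ],
        "initContainers": [{
            "name": "kamus-init", "image": "<kamus-init-container-image>",
            "volumeMounts": [
                {"name": "encrypted-secrets", "mountPath": "/encrypted-secrets"},
                {"name": "decrypted-secrets", "mountPath": "/decrypted-secrets"},
            ],
        }],
        "containers": [{
            "name": "app", "image": "<app-image>",
            "volumeMounts": [{"name": n, "mountPath": "/secrets"} for n in app_mounts],
        }],
    }

GOOD = _spec("Memory", ["decrypted-secrets"])  # wiring as the page describes it
BAD = _spec(None, [])                          # disk-backed emptyDir, app mount forgotten

if __name__ == "__main__":
    for label, spec in (("good", GOOD), ("bad", BAD)):
        print(label, check_kamus_wiring(spec, "encrypted-secrets-cm"))
```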
The init container accepts the following environment variables:
| -V/--version | false | output the version number | |
| | true | Encrypted files folder path (the volume mounted with the config map) | |
| | false | Decrypted file/s folder path mounted. Pass this argument to create one decrypted file per encrypted secret | |
| | false | Decrypted file name. Pass this argument to create one configuration file with the encrypted secrets. | |
| | false | The format of the output file, default to JSON. Supported types: json, cfg, files | JSON |