Skip to content
Sekret is an Encryption Tool for Kubernetes Secrets YAML
Branch: master
Clone or download
Latest commit ea2fe5f Apr 11, 2019

README.md

Sekret

GitHub release License Build Status Go Report Card GolangCI codecov

Sekret is a tool to edit encrypted Kubernetes Secrets YAML as plain text.

asciicast

Installation

go get github.com/nownabe/sekret

Or download binaries from GitHub releases

Usage

$ sekret --help
NAME:
   sekret - Work with encrypted Kubernetes Secrets

USAGE:
   sekret [global options] command [command options] [arguments...]

VERSION:
   1.1.0

COMMANDS:
     edit          Edit secret YAML as plain text
     new           Create new encrypted secret YAML and edit it
     show          Show decrypted secret YAML
     encrypt, enc  Encrypt file
     decrypt, dec  Decrypt encrypted file
     help, h       Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --key value    Encryption key (16 or 32 bytes) [$ENCRYPTION_KEY]
   --help, -h     show help
   --version, -v  print the version

Examples

Create and Edit

Create a new Secret YAML file.

$ export EDITOR=vim
$ export ENCRYPTION_KEY=$YOUR_ENCRYPTION_KEY
$ sekret new new-secret.yaml
$ ls
new-secret.yaml
$ file new-secret.yaml
new-secret.yaml: data
$ sekret edit new-secret.yaml

new and edit commands do:

  • open Secret YAML in specified editor
  • decode/encode base64 data
  • validate edited YAML

Encrypt and Decrypt

$ export ENCRYPTION_KEY=$YOUR_ENCRYPTION_KEY
$ sekret enc secret.yaml > secret.yaml.enc
$ file secret.yaml*
secret.yaml:     ASCII text
secret.yaml.enc: data
$ sekret dec secret.yaml.enc
apiVersion: v1
kind: Secret
metadata:
  namespace: my-namespace
  name: my-secret
data:
  apikey: dGhpcyBpcyBhcGkga2V5

Development

Release

tools/release 1.0.0
You can’t perform that action at this time.