Skip to content
Sekret is an Encryption Tool for Kubernetes Secrets YAML
Go Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
tools
vendor
.gitignore
.goreleaser.yml
.travis.yml
Gopkg.lock
Gopkg.toml
LICENSE.txt
README.md
base64.go
cli.go
command.go
command_test.go
crypto.go
decrypt_command.go
decrypt_command_test.go
edit_command.go
editor_command.go
encrypt_command.go
encrypt_command_test.go
encryption_test.go
main.go
new_command.go
show_command.go
util.go
validator.go
version.go

README.md

Sekret

GitHub release License Build Status Go Report Card GolangCI codecov

Sekret is a tool to edit encrypted Kubernetes Secrets YAML as plain text.

asciicast

Installation

go get github.com/nownabe/sekret

Or download binaries from GitHub releases

Usage

$ sekret --help
NAME:
   sekret - Work with encrypted Kubernetes Secrets

USAGE:
   sekret [global options] command [command options] [arguments...]

VERSION:
   1.1.0

COMMANDS:
     edit          Edit secret YAML as plain text
     new           Create new encrypted secret YAML and edit it
     show          Show decrypted secret YAML
     encrypt, enc  Encrypt file
     decrypt, dec  Decrypt encrypted file
     help, h       Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --key value    Encryption key (16 or 32 bytes) [$ENCRYPTION_KEY]
   --help, -h     show help
   --version, -v  print the version

Examples

Create and Edit

Create a new Secret YAML file.

$ export EDITOR=vim
$ export ENCRYPTION_KEY=$YOUR_ENCRYPTION_KEY
$ sekret new new-secret.yaml
$ ls
new-secret.yaml
$ file new-secret.yaml
new-secret.yaml: data
$ sekret edit new-secret.yaml

new and edit commands do:

  • open Secret YAML in specified editor
  • decode/encode base64 data
  • validate edited YAML

Encrypt and Decrypt

$ export ENCRYPTION_KEY=$YOUR_ENCRYPTION_KEY
$ sekret enc secret.yaml > secret.yaml.enc
$ file secret.yaml*
secret.yaml:     ASCII text
secret.yaml.enc: data
$ sekret dec secret.yaml.enc
apiVersion: v1
kind: Secret
metadata:
  namespace: my-namespace
  name: my-secret
data:
  apikey: dGhpcyBpcyBhcGkga2V5

Development

Release

tools/release 1.0.0
You can’t perform that action at this time.