Skip to content
/ sealed-secrets-web Public
forked from bakito/sealed-secrets-web

A web interface for Sealed Secrets by Bitnami.

License

MIT license
0 stars 21 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rowi1de/sealed-secrets-web

BranchesTags
 
 

Repository files navigation

end-2-end Helm Chart Tests Go Report Card Coverage Status



A web interface for Sealed Secrets by Bitnami.

Sealed Secrets Web is a web interface for Sealed Secrets by Bitnami. The web interface let you encode, decode the keys in the data field of a secret, load existing Sealed Secrets and create Sealed Secrets. Under the hood it uses the kubeseal command-line tool to encrypt your secrets. The web interface should be installed to your Kubernetes cluster, so your developers do not need access to your cluster via kubectl.

  • Encode: Base64 encodes each key in the stringData field in a secret.
  • Decode: Base64 decodes each key in the data field in a secret.
  • Secrets: Returns a list of all Sealed Secrets in all namespaces. With a click on the Sealed Secret the decrypted Kubernetes secret is loaded.
  • Seal: Encrypt a Kubernetes secret and creates the Sealed Secret.
  • Validate: Validate a Sealed Secret.

Installation

sealed-secrets-web can be installed via our Helm chart:

helm repo add bakito https://charts.bakito.net
helm repo update

helm upgrade --install sealed-secrets-web bakito/sealed-secrets-web

To modify the settings for Sealed Secrets you can modify the arguments for the Docker image with the --set flag. For example you can set a different controller-name during the installation with the following command:

helm upgrade --install sealed-secrets-web bakito/sealed-secrets-web \
  --set sealedSecrets.namespace=sealed-secrets \
  --set sealedSecrets.serviceName=sealed-secrets

or if you want to disable ability to load existing secrets, and use the tool purelly to seal new ones you can use:

helm upgrade --install sealed-secrets-web bakito/sealed-secrets-web \
  --set disableLoadSecrets=true

To render templates locally:

cd chart
helm template . -f values.yaml

You can check helm values available at https://github.com/bakito/sealed-secrets-web/blob/main/chart/values.yaml Also, check available application options at https://github.com/bakito/sealed-secrets-web/blob/main/pkg/config/types.go#L14-L22

Api Usage

Get current certificate

curl --request GET 'https://<SEALED_SECRETS_WEB_BASE_URL>/api/certificate'

Seal a secret using servers certificate

having sealed secret as yaml output

curl --request POST 'https://<SEALED_SECRETS_WEB_BASE_URL>/api/kubeseal' \
  --header 'Accept: application/x-yaml' \
  --data-binary '@stringData.yaml'

having sealed secret as json output

curl --request POST 'https://<SEALED_SECRETS_WEB_BASE_URL>/api/kubeseal' \
  --header 'Accept: application/json' \
  --data-binary '@stringData.yaml'

sealing one value with default scope

curl -request POST 'https://<SEALED_SECRETS_WEB_BASE_URL>/api/raw' \
     --header 'Content-Type: application/json' \
     --data '{ "name": "mysecretname", "namespace": "mysecretnamespace", "value": "value to seal" }'

Validate sealed secret

NOTE: Validate is only available when using cluster internal api (e.g. certURL not set) see bitnami-labs/sealed-secrets

curl --request POST 'https://<SEALED_SECRETS_WEB_BASE_URL>/api/validate' \
  --header 'Accept: application/x-yaml' \
  --data-binary '@stringData.yaml'

Development

For development, we are using a local Kubernetes cluster using kind. When the cluster is created we install Sealed Secrets using Helm:

./run_local.sh

Access the interface via http://localhost/ssw

About

A web interface for Sealed Secrets by Bitnami.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 72.4%
  • HTML 14.2%
  • Makefile 5.4%
  • Mustache 4.1%
  • Shell 1.5%
  • Dockerfile 1.3%
  • CSS 1.1%