aws-secret-sidecar-injector
argocd-vault-plugin
aws-secret-sidecar-injector | argocd-vault-plugin | |
---|---|---|
2 | 9 | |
132 | 766 | |
- | 2.0% | |
3.1 | 7.3 | |
over 1 year ago | 2 days ago | |
Go | Go | |
MIT No Attribution | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
aws-secret-sidecar-injector
- How can you add secrets to a dockerfile/image from AWS (Secret Manager)
-
EKS pods using IRSA (IAM auth per pod) to access AWS Secrets WITHOUT creating K8s secret?
There is a PoC of an AWS sidecar injector that imports a secret into a ramdisk as an init step and injects the secrets into the pod when launched, but it's clearly a PoC, and only supports a single secret, not to mention not being enterprise ready.
argocd-vault-plugin
-
GitOps and Kubernetes – Secure Handling of Secrets
ArgoCD supports SOPS with the vault Plugin.
-
Injecting secrets from Vault into Helm charts with ArgoCD
repoServer: rbac: - verbs: - get - list - watch apiGroups: - '' resources: - secrets - configmaps initContainers: - name: download-tools image: registry.access.redhat.com/ubi8 env: - name: AVP_VERSION value: 1.11.0 command: [sh, -c] args: - >- curl -L https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v$(AVP_VERSION)/argocd-vault-plugin_$(AVP_VERSION)_linux_amd64 -o argocd-vault-plugin && chmod +x argocd-vault-plugin && mv argocd-vault-plugin /custom-tools/ volumeMounts: - mountPath: /custom-tools name: custom-tools extraContainers: - name: avp-helm command: [/var/run/argocd/argocd-cmp-server] image: quay.io/argoproj/argocd:v2.4.8 securityContext: runAsNonRoot: true runAsUser: 999 volumeMounts: - mountPath: /var/run/argocd name: var-files - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: tmp-dir - mountPath: /home/argocd/cmp-server/config name: cmp-plugin - name: custom-tools subPath: argocd-vault-plugin mountPath: /usr/local/bin/argocd-vault-plugin volumes: - configMap: name: cmp-plugin name: cmp-plugin - name: custom-tools emptyDir: {} - name: tmp-dir emptyDir: {} # If you face issue with ArgoCD CRDs installation, then uncomment below section to disable it #crds: # install: false
- K8s and HIPPA/PHI compliant systems - Need advice!
-
Learning with K3s at home. Is it "better" to store secrets encrypted in the git repo (e.g., sealed-secrets) or in a separately managed secret database (e.g., vault)?
argoproj-labs/argocd-vault-plugin
-
Best solution to use Argocd with helm and manage secrets ? Don't say flux !
We’re using https://github.com/argoproj-labs/argocd-vault-plugin which allows you to define secrets in git (works with more backends than just hashicorp vault despite the name). The documentation took me a bit to figure out, but so far it works.
-
Best Practices for Argo CD
Argo CD Vault plugin
- Removing replication count, resource, tolerations, pvc when app is onboarded using ArgoCD
- Gotta love gitops
-
Best/Secure way to add a secret for ArgoCD Helm Chart?
I used argocd vault plugin https://github.com/IBM/argocd-vault-plugin
What are some alternatives?
chamber - CLI for managing secrets
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
kustomize-sops - KSOPS - A Flexible Kustomize Plugin for SOPS Encrypted Resources
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
vault-creds - Sidecar container for requesting dynamic Vault database secrets
argocd-image-updater - Automatic container image update for Argo CD
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes [Moved to: https://github.com/external-secrets/kubernetes-external-secrets]
applicationset - The ApplicationSet controller manages multiple Argo CD Applications as a single ApplicationSet unit, supporting deployments to large numbers of clusters, deployments of large monorepos, and enabling secure Application self-service.
argo-cd - Declarative Continuous Deployment for Kubernetes
k8s-vault-webhook - A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers