vanishing-keys
kubernetes-external-secrets
vanishing-keys | kubernetes-external-secrets | |
---|---|---|
1 | 26 | |
2 | 2,584 | |
- | - | |
4.6 | 7.7 | |
about 1 month ago | almost 2 years ago | |
JavaScript | JavaScript | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vanishing-keys
-
One Time Secrets with Vanishing Keys
So we've made an open source and completely free quick solution to share temporary credentials. The source is of course available on GitHub. It's a community edition so everything is free and no account is required.
kubernetes-external-secrets
- aws secrets with eks ,Teffarorm & helm
-
Securing Kubernetes Secrets with HashiCorp Vault
$ helm repo add external-secrets https://external-secrets.github.io/kubernetes-external-secrets/ "external-secrets" has been added to your repositories $ helm install k8s-external-secrets external-secrets/kubernetes-external-secrets -f values.yaml NAME: k8s-external-secrets LAST DEPLOYED: Wed Mar 23 22:50:35 2022 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: The kubernetes external secrets has been installed. Check its status by running: $ kubectl --namespace default get pods -l "app.kubernetes.io/name=kubernetes-external-secrets,app.kubernetes.io/instance=k8s-external-secrets" Visit https://github.com/external-secrets/kubernetes-external-secrets for instructions on how to use kubernetes external secrets
-
SimpleSecrets: A self-hosted K8S Secrets Manager Operator
I’m reading above that you weren’t aware of sealed-secrets. So I guess that you are not familiar with ExternalSecrets secrets neither. Very solid project
- Managing json config files for apps deployed to k8s at scale
-
1Password Has Raised $620M
They probably should merge with https://github.com/external-secrets/kubernetes-external-secr...
- Recommended way of securing AWS secret key and id in K8s secrets for pulling images from AWS ECR
-
Do you have a TODO checklist when creating clusters from scratch?
I do not recommend vault if you are not experienced. It is a heavy infra to manage. I suggest looking into https://github.com/external-secrets/kubernetes-external-secrets and selecting the tool offered by your cloud providers.
-
Secrets usage
This is where things like the vault agent sidecar or projects like external secrets come in and allow you to inject / sync your secrets backend and your Kubernetes workloads :)
-
Cloud password managements
Depending on what platform you are on, you could use the AWS SDK or a tool like external-secrets (for Kubernetes).
-
Kuberentes CI/CD
We don't keep anything sensitive inside of Helm charts. We use AWS Secrets Manager and external-secrets
What are some alternatives?
envars - Securely load environment variables (configuration settings) from .env files with support of Google Secret Manager.
argocd-vault-plugin - An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes [Moved to: https://github.com/external-secrets/kubernetes-external-secrets]
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
infisical-cli - ♾ Infisical is an open-source, E2EE tool to sync environment variables across your team and infrastructure. [Moved to: https://github.com/Infisical/infisical]
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
microvault - Keep your secrets secret. Tool to manage secrets in your public and private repositories. :closed_lock_with_key: :fire:
Bitwarden - The core infrastructure backend (API, database, Docker, etc).
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
Reloader - A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!
bank-vaults - A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).
sops-secrets-operator - Kubernetes SOPS secrets operator