vault-action
kubernetes-external-secrets
vault-action | kubernetes-external-secrets | |
---|---|---|
2 | 26 | |
415 | 2,584 | |
1.7% | - | |
7.6 | 7.7 | |
9 days ago | almost 2 years ago | |
JavaScript | JavaScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vault-action
- Best way to pass secrets to Docker in Github Actions
-
How to store SSH keys in Vault?
I am using vault-action to retrieve SSH private keys in the kv secrets engine but I am not able to SSH to hosts using the SSH secret variable retrieved. However it works when I use the same keys in Github Action Secrets. I believe it's because the kv engine stores it in json and I am not able to put a new line at the end because when I exported the value to my ~/.ssh/test folder from vault, I had to manually add a new line at the end for it to work. Are SSH keys meant to be stored in the kv-v2 engine or should it be using something else?
kubernetes-external-secrets
- aws secrets with eks ,Teffarorm & helm
-
Securing Kubernetes Secrets with HashiCorp Vault
$ helm repo add external-secrets https://external-secrets.github.io/kubernetes-external-secrets/ "external-secrets" has been added to your repositories $ helm install k8s-external-secrets external-secrets/kubernetes-external-secrets -f values.yaml NAME: k8s-external-secrets LAST DEPLOYED: Wed Mar 23 22:50:35 2022 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: The kubernetes external secrets has been installed. Check its status by running: $ kubectl --namespace default get pods -l "app.kubernetes.io/name=kubernetes-external-secrets,app.kubernetes.io/instance=k8s-external-secrets" Visit https://github.com/external-secrets/kubernetes-external-secrets for instructions on how to use kubernetes external secrets
-
SimpleSecrets: A self-hosted K8S Secrets Manager Operator
I’m reading above that you weren’t aware of sealed-secrets. So I guess that you are not familiar with ExternalSecrets secrets neither. Very solid project
- Managing json config files for apps deployed to k8s at scale
-
1Password Has Raised $620M
They probably should merge with https://github.com/external-secrets/kubernetes-external-secr...
- Recommended way of securing AWS secret key and id in K8s secrets for pulling images from AWS ECR
-
Do you have a TODO checklist when creating clusters from scratch?
I do not recommend vault if you are not experienced. It is a heavy infra to manage. I suggest looking into https://github.com/external-secrets/kubernetes-external-secrets and selecting the tool offered by your cloud providers.
-
Secrets usage
This is where things like the vault agent sidecar or projects like external secrets come in and allow you to inject / sync your secrets backend and your Kubernetes workloads :)
-
Cloud password managements
Depending on what platform you are on, you could use the AWS SDK or a tool like external-secrets (for Kubernetes).
-
Kuberentes CI/CD
We don't keep anything sensitive inside of Helm charts. We use AWS Secrets Manager and external-secrets
What are some alternatives?
vault-ssh-ca-sandbox - A lab repo to demonstrate how to use Hashicorp Vault as a SSH CA for human and automated access via SSH.
argocd-vault-plugin - An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
Bitwarden - The core infrastructure backend (API, database, Docker, etc).
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
Reloader - A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!
bank-vaults - A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).
sops-secrets-operator - Kubernetes SOPS secrets operator
helm-charts
Flux - Successor: https://github.com/fluxcd/flux2
sops - Simple and flexible tool for managing secrets