Skip to content
/ k8sec Public

CLI tool to manage Kubernetes Secrets easily

License

Notifications You must be signed in to change notification settings

dtan4/k8sec

Repository files navigation

k8sec

GitHub Actions codecov GitHub release

CLI tool to manage Kubernetes Secrets easily

Requirements

Kubernetes 1.18 or above

Installation

Using Homebrew (OS X only)

Formula is available at dtan4/homebrew-dtan4.

brew tap dtan4/tools
brew install k8sec

Precompiled binary

Precompiled binaries for Windows, OS X, Linux are available at Releases.

From source

go get -d github.com/dtan4/k8sec
cd $GOPATH/src/github.com/dtan4/k8sec
make install

Docker image

Docker image is no longer provided officially. If you'd like to run k8sec in Docker image, see Dockerfile and build image by yourself.

docker build -t k8sec .

Usage

Global options

Option Description Required Default
--context=CONTEXT Kubernetes context
--kubeconfig=KUBECONFIG Path of kubeconfig ~/.kube/config
-n, --namespace=NAMESPACE Kubernetes namespace default
-h, -help Print command line usage

k8sec list

List secrets

$ k8sec list [--base64] [NAME]

# Example
$ k8sec list rails
NAME    TYPE    KEY             VALUE
rails   Opaque  database-url    "postgres://example.com:5432/dbname"

# Show values as base64-encoded string
$ k8sec list --base64 rails
NAME    TYPE    KEY             VALUE
rails   Opaque  database-url    cG9zdGdyZXM6Ly9leGFtcGxlLmNvbTo1NDMyL2RibmFtZQ==

k8sec set

Set secrets

$ k8sec set [--base64] NAME KEY1=VALUE1 [KEY2=VALUE2 ...]

$ k8sec set rails rails-env=production
rails

# Set base64-encoded value
$ echo -n dtan4 | base64
ZHRhbjQ=
$ k8sec set --base64 rails foo=ZHRhbjQ=
rails

# Result
$ k8sec list rails
NAME    TYPE    KEY             VALUE
rails   Opaque  database-url    "postgres://example.com:5432/dbname"
rails   Opaque  foo             "dtan4"

k8sec unset

Unset secrets

$ k8sec unset NAME KEY1 KEY2...

# Example
$ k8sec unset rails rails-env

k8sec load

Load secrets from dotenv (key=value) format text

$ k8sec load [-f FILENAME] NAME

# Example
$ cat .env
database-url="postgres://example.com:5432/dbname"
$ k8sec load -f .env rails

# Load from stdin
$ cat .env | k8sec load rails

k8sec dump

Dump secrets as dotenv (key=value) format

$ k8sec dump [-f FILENAME] [--noquotes] [NAME]

# Example
$ k8sec dump rails
database-url="postgres://example.com:5432/dbname"

# Save as .env
$ k8sec dump -f .env rails
$ cat .env
database-url="postgres://example.com:5432/dbname"

# Save as .env without qoutes
$ k8sec dump -f .env --noquotes rails
$ cat .env
database-url=postgres://example.com:5432/dbname

Contribution

  1. Fork (https://github.com/dtan4/k8sec/fork)
  2. Create a feature branch
  3. Commit your changes
  4. Rebase your local changes against the master branch
  5. Run test suite with the go test ./... command and confirm that it passes
  6. Run gofmt -s
  7. Create a new Pull Request

Author

dtan4

License

MIT License