Sekret is a tool to edit encrypted Kubernetes Secrets YAML as plain text.
go get github.com/nownabe/sekretOr download binaries from GitHub releases
$ sekret --help
NAME:
sekret - Work with encrypted Kubernetes Secrets
USAGE:
sekret [global options] command [command options] [arguments...]
VERSION:
1.1.0
COMMANDS:
edit Edit secret YAML as plain text
new Create new encrypted secret YAML and edit it
show Show decrypted secret YAML
encrypt, enc Encrypt file
decrypt, dec Decrypt encrypted file
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--key value Encryption key (16 or 32 bytes) [$ENCRYPTION_KEY]
--help, -h show help
--version, -v print the version
Create a new Secret YAML file.
$ export EDITOR=vim
$ export ENCRYPTION_KEY=$YOUR_ENCRYPTION_KEY
$ sekret new new-secret.yaml
$ ls
new-secret.yaml
$ file new-secret.yaml
new-secret.yaml: data
$ sekret edit new-secret.yamlnew and edit commands do:
- open Secret YAML in specified editor
- decode/encode base64 data
- validate edited YAML
$ export ENCRYPTION_KEY=$YOUR_ENCRYPTION_KEY
$ sekret enc secret.yaml > secret.yaml.enc
$ file secret.yaml*
secret.yaml: ASCII text
secret.yaml.enc: data
$ sekret dec secret.yaml.enc
apiVersion: v1
kind: Secret
metadata:
namespace: my-namespace
name: my-secret
data:
apikey: dGhpcyBpcyBhcGkga2V5tools/release 1.0.0