Unseal with --raw
vavsab opened this issue · comments
Which component:
kubeseal
Is your feature request related to a problem? Please describe.
I really enjoy raw mode for encrypting a single value
echo -n "MY_SECRET_VALUE" | ./kubeseal --cert ./MY_CERT.crt --namespace MY_NAMESPACE --scope namespace-wide --raw
It would be really nice to have exactly same unseal functionality
echo -n "ENCRYPTED_VALUE" | ./kubeseal --recovery-unseal --recovery-private-key ./MY_KEY.key --namespace MY_NAMESPACE --scope namespace-wide --raw
Describe the solution you'd like
I can make a PR if you are ok with this idea.
Describe alternatives you've considered
I can provide the whole SealedSecret but usually I'm interested only in a single value.
Additional context
Hi @vavsab looks like a good improvement and we'll be happy to review a PR if you'd like to send it!
@agarcia-oss Was there a reason to use stdin for --raw
mode instead of passing it as a param? Passing as a param simplifies the usage so much.
I'm making a script for my company to encrypt a value easily by using the official kubeseal docker image. And it becomes so complicated when need to deal with docker + stdin + gitbash on windows 😬. I managed to make it work but just curious why kubeseal is using stdin.
the original reason for passing secrets in stdin instead of passing them as literal in params is that the latter causes secrets to be visible in /proc and saved in shell histories.
I know there are cases when somebody doesn't care about that so it's perfectly fine to add an option to pass a secret literal on the cmdline, I just didn't want to have that to be the first and most illustrated way of doing it
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 7 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.