julienp / ksecretmanager

Kustomize plugin to load secrets from [Secret Manager](https://cloud.google.com/secret-manager)


KSecretManager

Install the plugin where kustomize can find it; see the documentation.

Add the generator to your kustomization.yaml:

resources:
  - ...
generators:
  - my-secret.yaml

Create my-secret.yaml:

apiVersion: github.com/julienp
kind: SecretManager
metadata:
  name: the-secret
secrets:
  - name: some_database_password # The name as specified in Google Secret Manager
  - name: another_secret
    key: ANOTHER_SECRET # optional, the key to use in the k8s Secret

Provide PROJECT_ID as an environment variable when running kustomize:

make build
PROJECT_ID=<my project id> KUSTOMIZE_PLUGIN_HOME=`pwd`/bin kustomize build --enable_alpha_plugins ./example

Set DRY_RUN as an environment variable to mock the creation of secrets, which is useful when the plugin should not contact Secret Manager:

make build
DRY_RUN=1 PROJECT_ID=<my project id> KUSTOMIZE_PLUGIN_HOME=`pwd`/bin kustomize build --enable_alpha_plugins ./example

This will generate the following secret:

apiVersion: v1
kind: Secret
metadata:
  name: the-secret
type: Opaque
data:
  some_database_password: <value>
  ANOTHER_SECRET: <value>
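
How the generator config maps onto the Secret above, as an added Go sketch that is not the plugin's own code: `Entry`, `Fetcher` and `BuildData` are hypothetical names, and the dry-run mock value is an assumption. The Secret Manager lookup is replaced by a function parameter so the sketch runs offline, and it rejects key collisions and keys Kubernetes would refuse.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
)

// Entry mirrors one item under `secrets:` in my-secret.yaml.
type Entry struct{ Name, Key string }

// Fetcher is a hypothetical stand-in for the Secret Manager lookup.
type Fetcher func(project, name string) (string, error)

// Kubernetes Secret data keys: alphanumerics, '-', '_' and '.' only.
var validKey = regexp.MustCompile(`^[-._a-zA-Z0-9]+$`)

// BuildData maps entries to the base64 `data:` section of a Secret.
// When dryRun is true the fetcher is never called and a mock value is used.
func BuildData(project string, entries []Entry, fetch Fetcher, dryRun bool) (map[string]string, error) {
	data := make(map[string]string, len(entries))
	for _, e := range entries {
		key := e.Key
		if key == "" {
			key = e.Name // `key` is optional and defaults to the secret name
		}
		if !validKey.MatchString(key) {
			return nil, fmt.Errorf("invalid Secret key %q", key)
		}
		if _, dup := data[key]; dup {
			return nil, fmt.Errorf("duplicate Secret key %q", key)
		}
		value := "dry-run-" + e.Name // constructed mock value (assumption)
		if !dryRun {
			var err error
			if value, err = fetch(project, e.Name); err != nil {
				return nil, fmt.Errorf("fetch %s: %w", e.Name, err)
			}
		}
		data[key] = base64.StdEncoding.EncodeToString([]byte(value))
	}
	return data, nil
}

func main() {
	entries := []Entry{{Name: "some_database_password"}, {Name: "another_secret", Key: "ANOTHER_SECRET"}}
	data, err := BuildData("example-project", entries, nil, true) // dry run: no network
	fmt.Println(data, err)
}
```

The `data` values are only base64-encoded, so the output of `kustomize build` carries the secret material in recoverable form.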
