SCF Secret Generator

A utility for SUSE Cloud Foundry for generating secrets based on the role manifest.

It works in conjunction with the fissile project.

These secrets are described in the configuration.variables section, and will be generated if they have secret: true properties and the generator section is populated.

It can generate:

It will not overwrite existing secrets, so it is safe to run between upgrades.

Usage

scf-secret-generator is meant to run inside a pre-flight Kubernetes job. This job should have the KUBERNETES_NAMESPACE environment variable set, and will create or update the secret called secret inside that namespace.

After that job has finished, you should be able to see that the secrets have been populated:

kubectl -n "${KUBERNETES_NAMESPACE}" get secret secret -o yaml

Note that Kubernetes returns these values base64-encoded, so they must be base64-decoded before use.
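To confirm that the job populated every entry without printing the decoded values to the terminal, the same secret can be requested with -o json and piped into a small checker. The program below is an added example, not part of scf-secret-generator; the names AuditSecret and KeyStatus are introduced here for illustration, and it assumes the JSON form of the Secret object on standard input.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"log"
	"os"
	"sort"
)

// KeyStatus describes one Secret entry without exposing its value.
type KeyStatus struct {
	Name   string
	Length int  // decoded size in bytes (only meaningful when Valid)
	Valid  bool // false when the stored value is not valid base64
}

// AuditSecret reads a Secret object as JSON, decodes each entry of its
// data map and reports name, decoded size and validity, sorted by name.
func AuditSecret(r io.Reader) ([]KeyStatus, error) {
	var doc struct {
		Data map[string]string `json:"data"`
	}
	if err := json.NewDecoder(r).Decode(&doc); err != nil {
		return nil, fmt.Errorf("parsing Secret JSON: %w", err)
	}
	out := make([]KeyStatus, 0, len(doc.Data))
	for name, enc := range doc.Data {
		raw, err := base64.StdEncoding.DecodeString(enc)
		out = append(out, KeyStatus{Name: name, Length: len(raw), Valid: err == nil})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out, nil
}

func main() {
	// Expects on stdin: kubectl -n "${KUBERNETES_NAMESPACE}" get secret secret -o json
	statuses, err := AuditSecret(os.Stdin)
	if err != nil {
		log.Fatal(err)
	}
	for _, s := range statuses {
		// Only names and sizes are printed, never the secret material itself.
		fmt.Printf("%-30s valid=%t decoded_bytes=%d\n", s.Name, s.Valid, s.Length)
	}
}
```

An entry reported with decoded_bytes=0 or valid=false was not populated as expected and is worth checking before the deployment proceeds.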

Building

A modern Go version is required. The version used in SCF is described in the package spec.

go build will create the binary.