Awesome
kubectl-pass
Authentication and secret management with pass and kubectl integration. Works as a standalone script, or kubectl plugin.
pass
, the standard Unix password manager, is a powerful way to store your valuable secrets with GPG keys. Read about it more at passwordstore.org.
Table of Contents
<!-- vim-markdown-toc GFM --> <!-- vim-markdown-toc -->Pre-requisites
Install
Copy kubectl-pass
somewhere in your $PATH
:
cd ~/.local/bin
curl -LO https://github.com/rafi/kubectl-pass/raw/master/kubectl-pass
chmod ug+x kubectl-pass
Now you can run as a kubectl plugin, standalone, or alias:
kubectl pass -h
# OR
kubectl-pass -h
# OR
alias kubepass=kubectl-pass
kubepass -h
Commands
Auth
kubectl pass auth
reads an encrypted pass file, looks for matching keywords
and returns a Kubernetes ExecCredential
kind manifest.
For example, if you are using PEM, create a new encrypted pass secret:
pass edit personal/k8s
Fill in these fields: (Make sure they are already base64 encoded)
client-certificate-data: LS0...
client-key-data: LS0...
Finally, edit your ~/.kube/config
user:
users:
- name: personal-admin
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args:
- auth
- pem
- personal/k8s
command: kubectl-pass
Now try using kubectl
with the context you've edited. Enjoy!
Secret
Coming Soon...
See Also
License
- MIT