sealed-secrets icon indicating copy to clipboard operation
sealed-secrets copied to clipboard

Published 20 hours ago verified publisher icon bitnami-labs

Unseal with --raw

Open vavsab opened this issue 5 months ago • 5 comments

Which component: kubeseal

Is your feature request related to a problem? Please describe. I really enjoy raw mode for encrypting a single value echo -n "MY_SECRET_VALUE" | ./kubeseal --cert ./MY_CERT.crt --namespace MY_NAMESPACE --scope namespace-wide --raw It would be really nice to have exactly same unseal functionality echo -n "ENCRYPTED_VALUE" | ./kubeseal --recovery-unseal --recovery-private-key ./MY_KEY.key --namespace MY_NAMESPACE --scope namespace-wide --raw

Describe the solution you'd like I can make a PR if you are ok with this idea.

Describe alternatives you've considered I can provide the whole SealedSecret but usually I'm interested only in a single value.

Additional context

vavsab avatar Mar 14 '24 17:03 vavsab

Hi @vavsab looks like a good improvement and we'll be happy to review a PR if you'd like to send it!

agarcia-oss avatar Mar 21 '24 08:03 agarcia-oss

@agarcia-oss Was there a reason to use stdin for --raw mode instead of passing it as a param? Passing as a param simplifies the usage so much. I'm making a script for my company to encrypt a value easily by using the official kubeseal docker image. And it becomes so complicated when need to deal with docker + stdin + gitbash on windows 😬. I managed to make it work but just curious why kubeseal is using stdin.

vavsab avatar Mar 21 '24 15:03 vavsab

the original reason for passing secrets in stdin instead of passing them as literal in params is that the latter causes secrets to be visible in /proc and saved in shell histories.

I know there are cases when somebody doesn't care about that so it's perfectly fine to add an option to pass a secret literal on the cmdline, I just didn't want to have that to be the first and most illustrated way of doing it

mkmik avatar Mar 21 '24 15:03 mkmik

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] avatar Apr 06 '24 01:04 github-actions[bot]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] avatar Apr 27 '24 01:04 github-actions[bot]

Due to the lack of activity in the last 7 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

github-actions[bot] avatar May 04 '24 01:05 github-actions[bot]