helm-secrets
A helm plugin that helps manage secrets with a Git workflow and store them anywhere
helm-secrets
Installation
See Installation for more information.
Usage
Decrypt secrets via protocol handler
Run decrypted command on specific value files. This method is preferred over the plugin command below. On Windows, the command helm secrets patch windows needs to be run first.
helm upgrade name . -f secrets://secrets.yaml
See Usage for more information
Decrypt secrets via plugin command
Wraps the whole helm command. Slow on multiple value files.
helm secrets upgrade name . -f secrets.yaml
Cloud support
Use AWS Secrets Manager or Azure KeyVault for storing secrets securely and reference them inside values.yaml.
See Cloud Integration for more information.
ArgoCD support
For running helm-secrets with ArgoCD, see ArgoCD Integration for more information.
Terraform support
The Terraform helm provider does not support downloader plugins.
helm secrets can be used together with the terraform external data source provider.
data "external" "helm-secrets" {
  program = ["helm", "secrets", "terraform", "../../examples/sops/secrets.yaml"]
}
resource "helm_release" "example" {
  values = [
    file("../../examples/sops/values.yaml"),
    base64decode(data.external.helm-secrets.result.content_base64),
  ]
}
An example of how to use helm-secrets with Terraform can be found in examples/terraform.
Secret backends
helm-secrets supports multiple secret backends. Currently, sops and vals are supported.
See Secret-Backends for how to use them.
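With the sops backend, a secrets file should reach Git only in encrypted form. The following is an added example, not part of helm-secrets: a heuristic shell check that a YAML values file looks sops-encrypted and carries no plaintext values next to the encrypted ones. It assumes the sops YAML layout (a top-level sops: metadata map with a mac: entry, leaves stored as ENC[...] strings); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of helm-secrets: heuristic pre-commit check for
# sops-encrypted YAML values files. Assumes the sops YAML layout: a
# top-level "sops:" metadata map with a "mac:" entry, and every non-empty
# leaf stored as ENC[...] unless its key ends in "_unencrypted".

# is_sops_encrypted FILE: succeeds if FILE carries sops metadata with a MAC.
is_sops_encrypted() {
    [ -f "$1" ] || return 1
    grep -q '^sops:' "$1" &&
        grep -Eq '^[[:space:]]+mac:[[:space:]]*ENC\[' "$1"
}

# plaintext_keys FILE: prints keys outside the sops block whose value is not
# an ENC[...] string (for example a value added by hand after encryption).
plaintext_keys() {
    awk '
        /^sops:/ { meta = 1; next }              # metadata block begins
        meta && /^[^ \t#]/ { meta = 0 }          # next top-level key ends it
        meta || /^---/ { next }                  # skip metadata and doc markers
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]*(- )*/, "", line)        # drop indentation and list dashes
            if (line ~ /^ENC\[/) next            # encrypted list item
            i = index(line, ":")
            key = (i > 0) ? substr(line, 1, i - 1) : "(list item)"
            val = (i > 0) ? substr(line, i + 1) : line
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Parent keys and empty values carry nothing to encrypt.
            if (val == "" || val == "\"\"" || val == "[]" || val == "{}") next
            if (val ~ /^ENC\[/ || key ~ /_unencrypted$/) next
            print key
        }
    ' "$1"
}

# check_secrets_file FILE: 0 = looks fully encrypted, 1 = not encrypted,
# 2 = encrypted file that also contains plaintext values.
check_secrets_file() {
    is_sops_encrypted "$1" || return 1
    [ -z "$(plaintext_keys "$1")" ] || return 2
    return 0
}
```

The check is textual only: it does not verify the MAC or decrypt anything, so it complements decryption rather than replacing it.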
Documentation
Additional documentation, resources and examples can be found here.
Moving parts of project
- scripts/run.sh - Main helm-secrets plugin code for all helm-secrets plugin actions available in helm secrets help after plugin install
- scripts/backends - Location of the in-tree secrets backends
- scripts/commands - Sub commands of helm secrets are defined here.
- scripts/lib - Common functions used by helm secrets.
- scripts/wrapper - Wrapper scripts for Windows systems.
- tests - Test scripts to check if all parts of the plugin work. Using test assets with PGP keys to make real tests on real data with real encryption/decryption. See tests/README.md for more information.
- examples - Some example secrets.yaml
Copyright and license
© 2020-2022 Jan-Otto Kröpke (jkroepke)
© 2017-2020 Zendesk
Licensed under the Apache License, Version 2.0