Modularise Kapitan
Currently kapitan is packaged in PyPI (or as a binary) along with all its dependencies. Adding more input types or secret backends means adding extra dependencies which might not be useful for certain users. This issue is to track modularisation of kapitan to a set of core dependencies (cryptography, pyyaml, jsonschema etc.) and then extra modules (e.g. boto3, google-api-python-client) that can be loaded by users that actually use those specific features.
Hi! Just looking for a bit of clarification. Along with modularization into a main module and extra modules that are packaged in PyPI, are we also interested in something like lazy loading of dependencies?
In my opinion, it's better to ship these different kinds of secret management systems as standalone plugins, so if someone has their own way of storing secrets they can just write a custom plugin and load it without interfering with Kapitan's core functionality.
The idea here is simple:
pip3 install --user kapitan
Will just install core kapitan functionality (reclass inventory, jinja2/jsonnet/kadet templates, only ref secrets).
pip3 install --user kapitan[gkms]
Core functionality + google-api-python-client via pypi extras, in case you need to use secrets backed by Google KMS.
And so on for the other secret backends (gpg, awskms).
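The extras layout and the lazy loading asked about earlier in the thread can be combined in one registry, shown here as an added example that is not Kapitan's own code. The "gkms" extra and the google-api-python-client and boto3 packages come from the thread; the "awskms" and "gpg" extra names, the python-gnupg package and all function names are assumptions.

```python
import importlib
import importlib.util

# backend -> (importable module, extra name, pip requirement).
# "gkms" and the two package names come from the thread; the "awskms"/"gpg"
# extra names and the gnupg/python-gnupg pairing are assumptions.
BACKENDS = {
    "ref": (None, None, None),  # core install, no optional dependency
    "gkms": ("googleapiclient", "gkms", "google-api-python-client"),
    "awskms": ("boto3", "awskms", "boto3"),
    "gpg": ("gnupg", "gpg", "python-gnupg"),
}


class MissingBackendError(RuntimeError):
    """The backend is known but its optional dependency is not installed."""


def extras_require(registry=BACKENDS):
    """Build the extras_require mapping a setup script would declare."""
    return {extra: [req] for _, extra, req in registry.values() if extra}


def load_backend(name, registry=BACKENDS):
    """Import a backend's dependency on first use, not at program start."""
    if name not in registry:
        raise ValueError(f"unknown secret backend: {name!r}")
    module_name, extra, requirement = registry[name]
    if module_name is None:
        return None  # core backend, nothing extra to import
    # find_spec locates the module without executing it
    if importlib.util.find_spec(module_name) is None:
        raise MissingBackendError(
            f"backend {name!r} needs {requirement}; "
            f"install it with: pip3 install --user 'kapitan[{extra}]'"
        )
    return importlib.import_module(module_name)


if __name__ == "__main__":
    print(extras_require())
    for backend in BACKENDS:
        try:
            load_backend(backend)
            print(f"{backend}: available")
        except MissingBackendError as err:
            print(f"{backend}: {err}")
```

A core-only install then never imports the cloud SDKs, and a user who selects a backend without its extra gets the exact install command instead of a bare ImportError.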