anthonysterling/setec

This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

Setec Astronomy


"Setec Astronomy" is an anagram of "too many secrets", which I stole from the excellent movie Sneakers, which stars Robert Redford, Dan Aykroyd, Ben Kingsley, Mary McDonnell, River Phoenix, Sidney Poitier, and David Strathairn! 🤩

Go watch it.

Overview

Setec (pronounced see-tek) is a utility tool that encrypts and decrypts secrets that are managed by Bitnami's Sealed Secrets. Sealed Secrets is designed so that only the in-cluster controller ever holds the private key and unseals values, so decrypting outside the cluster is not a supported workflow; I had a use case for it anyway and wanted to share this.

🚨 This functionality is now included in the official kubeseal application (kubeseal --recovery-unseal --recovery-private-key <key-file>), and whilst it is marked as "experimental" it is absolutely going to be better maintained and more compatible with Sealed Secrets than this project - so you should 💯 check that out first.

Obtaining Sealed Secrets Certificate and Key

The tool requires the Sealed Secrets private key to decrypt a value, and the Sealed Secrets certificate to encrypt a value. The controller keeps both in a kubernetes.io/tls Secret in its own namespace (kube-system by default), labelled sealedsecrets.bitnami.com/sealed-secrets-key=active. You most likely already know where yours live; I found mine with the commands below, which may help. Keep in mind that the private key unseals every SealedSecret in the cluster, so treat the exported file like a cluster master key: restrict its permissions, never commit it, and delete it when you are done.

# base64 --decode works on both GNU coreutils and macOS (the original -D is macOS-only).
# If several keys carry the active label (e.g. after key renewal), .items[*] emits them
# space-separated and base64 rejects the input; select a single one (e.g. .items[0]) instead.
kubectl get secrets \
        --namespace kube-system --field-selector type=kubernetes.io/tls \
        --selector sealedsecrets.bitnami.com/sealed-secrets-key=active \
        -o jsonpath='{ .items[*].data.tls\.crt }' | base64 --decode > /tmp/backup.pub
# The private key is written under a restrictive umask so only the current user can read it.
(umask 077; kubectl get secrets \
        --namespace kube-system --field-selector type=kubernetes.io/tls \
        --selector sealedsecrets.bitnami.com/sealed-secrets-key=active \
        -o jsonpath='{ .items[*].data.tls\.key }' | base64 --decode > /tmp/backup.key)

Usage

Sealed Secrets binds each ciphertext to a scope: by default the target Secret's namespace and name (strict scope), optionally only the namespace (namespace-wide), or nothing at all (cluster-wide). The same scope must be supplied when decrypting, otherwise decryption fails. If a Sealed Secret was scoped as cluster-wide you can omit the --namespace and --name flags.

# Encrypt a value for the Secret "rails" in namespace "production" (strict scope)
setec encrypt --public-key-path /tmp/backup.pub --namespace production --name rails < plain-secret.txt
# Decrypt it again; the same namespace and name must be supplied
setec decrypt --private-key-path /tmp/backup.key --namespace production --name rails < encrypted-secret.txt
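To show why --namespace and --name have to match on both sides, here is an added Go example (mine, not setec's or Sealed Secrets' code) that mirrors the hybrid scheme Sealed Secrets uses: a fresh AES-256 session key wrapped with RSA-OAEP under the scope label, and the plaintext sealed with AES-GCM. The label strings ("namespace/name", "namespace", "") and the wire layout follow the Sealed Secrets implementation as I understand it; the function names (scopeLabel, hybridEncrypt, hybridDecrypt, newGCM) are mine, and the RSA key and plaintext are constructed for the demo rather than loaded from a cluster.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// scopeLabel builds the label Sealed Secrets binds a ciphertext to. It is used as
// the RSA-OAEP label, so a value sealed for one scope cannot be unwrapped under another:
//   strict (default): "<namespace>/<name>", namespace-wide: "<namespace>", cluster-wide: ""
func scopeLabel(namespace, name string) []byte {
	switch {
	case namespace != "" && name != "":
		return []byte(namespace + "/" + name)
	case namespace != "":
		return []byte(namespace)
	default:
		return []byte{}
	}
}

// hybridEncrypt: wrap a random 32-byte session key with RSA-OAEP(SHA-256) under the
// scope label, then seal the plaintext with AES-256-GCM. The session key is used exactly
// once, which is why an all-zero nonce is acceptable here.
// Layout: 2-byte big-endian length of RSA ciphertext || RSA ciphertext || GCM ciphertext.
func hybridEncrypt(rnd io.Reader, pub *rsa.PublicKey, plaintext, label []byte) ([]byte, error) {
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rnd, sessionKey); err != nil {
		return nil, err
	}
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rnd, pub, sessionKey, label)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 2, 2+len(wrapped)+len(plaintext)+aead.Overhead())
	binary.BigEndian.PutUint16(out, uint16(len(wrapped)))
	out = append(out, wrapped...)
	zeroNonce := make([]byte, aead.NonceSize())
	return aead.Seal(out, zeroNonce, plaintext, nil), nil
}

// hybridDecrypt reverses hybridEncrypt. The caller must supply the scope label the value
// was sealed under; with any other label (or key) OAEP unwrapping fails and nothing leaks.
func hybridDecrypt(priv *rsa.PrivateKey, ciphertext, label []byte) ([]byte, error) {
	if len(ciphertext) < 2 {
		return nil, errors.New("ciphertext too short")
	}
	n := int(binary.BigEndian.Uint16(ciphertext[:2]))
	if len(ciphertext) < 2+n {
		return nil, errors.New("truncated RSA ciphertext")
	}
	wrapped, sealed := ciphertext[2:2+n], ciphertext[2+n:]
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, label)
	if err != nil {
		return nil, fmt.Errorf("unwrap session key (wrong private key or scope?): %w", err)
	}
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	zeroNonce := make([]byte, aead.NonceSize())
	return aead.Open(nil, zeroNonce, sealed, nil) // GCM tag check catches any tampering
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed demo key; a real run would load the cluster's tls.key / tls.crt instead.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	secret := []byte("s3cr3t-database-password") // constructed sample plaintext
	ct, err := hybridEncrypt(rand.Reader, &priv.PublicKey, secret, scopeLabel("production", "rails"))
	if err != nil {
		panic(err)
	}
	pt, err := hybridDecrypt(priv, ct, scopeLabel("production", "rails"))
	fmt.Printf("same scope:      %q err=%v\n", pt, err)
	pt, err = hybridDecrypt(priv, ct, scopeLabel("staging", "rails"))
	fmt.Printf("different scope: %q err=%v\n", pt, err)
}
```

The second decrypt fails inside rsa.DecryptOAEP before any AES key exists, which is the property the namespace/name flags exist for: a ciphertext lifted from one namespace cannot be unsealed into another simply by renaming the target Secret.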

Contributing

Contributions to this project are released to the public under the MIT license.

Submitting a pull request

  1. Fork and clone the repository
  2. Make sure the tests and build succeed on your machine: script/test and script/build
  3. Create a new branch: git checkout -b my-branch-name
  4. Make your change, add tests, and make sure the tests still pass
  5. Push to your fork and submit your pull request
