Giter Site home page Giter Site logo

bufferapp / kubesecret Goto Github PK

View Code? Open in Web Editor NEW
6.0 3.0 1.0 473 KB

A tool to manage secrets in kubernetes

Home Page: https://www.npmjs.com/package/@bufferapp/kubesecret

License: MIT License

JavaScript 100.00%
kuberentes kubesecret manage-secrets kubectl

kubesecret's Introduction

Kubesecret - Safe kubernetes secret management

npm package

Purpose and motivation

Managing kubernetes secrets is a non standard process. Companies have many possible ways in which they can be managed. Sometimes though, a simple approach of kubectl is the most practical to reach out to.

That said, we've found that kubectl apply -f or even kubectl edit can present challenges. In the case of the former it can be easy to end up with files that were out of sync and unintended changes to secrets can happen. With the latter, encoding erros or manual file modifications can be serious enough to take down an entire application.

But even more, when trying to look at the data available the process can be tedious (kubectl get secret <secret> | .... | base64 --decode or similar bashing).

We are making kubesecret to give team members a guided approach to performing CRUD operations on secrets in kubernetes. In the future the capabilities of the tool might be extended to do things such as finding where a secret/secret key is being used. Finally, we are aiming to make the behaviour extendable from the start via the use of plugins.

Using

Please note that this tool runs ON TOP of kubectl. You need to have kubectl installed and running on your OS before using this tool

npm

npm install -g @bufferapp/kubesecret

Now run kubesecret help to explore what you can do!

Download the binary

  • Go to the releases, and download the binary for the OS of your choice.
  • Place the binary somewhere on your $PATH.
  • Run it using kubesecret help to see what you can do with it.
A note on windows support

While Windows support is currently not supported, we'll be taking care to try and not introduce patterns that exclude windows. We make no guarantees and you are free to run node_modules/pkg/lib-es5/bin.js -t node10-win-x64 to get yourself a Windows binary and test things out.

Developing the tool

  • Download the repo
  • Run npm install. The tool is being developed using node v10.x.x
  • Code away
  • To test changes without building the binary run node scripts/kubesecret.js
  • Install it globally on your machine using npm link

Publish to npm

Use npm version to update the version name, add a commit and tag that commit prior to publishing. For example:

npm version 0.5.0
npm publish

Or if you want to publish a beta version, manually update the package.json version (e.g. 0.5.0-beta1) and run this command:

npm publish --tag beta

License

MIT

kubesecret's People

Contributors

dependabot[bot] avatar djfarrelly avatar kiriappeee avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

isabella232

kubesecret's Issues

Position of 'results' after choosing an option

Version 0.4.0-rc1

I think this is partly related to the tool being interactive, but I find it tricky sometimes to know where I should be looking when I choose an option - often text changes above where I am making my option, forcing me to constantly have to look up and down to find the result of an action.

Mixture of numerical and selectable options

Version 0.4.0-rc1

I found it a bit weird that in some menus, I am promped to choose a number while in others I have to use the cursor keys to select the option I want. It's not a huge deal, I just find it a bit jarring to use.

Compare:

? Choose a secret to work with:
  1) buffer-analyze-keys
  2) buffer-publish-buffer-api-client
  3) buffer-publish-keys
  4) buffer-session-service-keys
  5) buffer-web-secret
  6) log-aggregator-aws
  7) log-aggregator-dd
  8) marketing-site
  9) twitter-friends-aws
  Answer:

with

? Choose next action:
โฏ View all keys
  View a specific key
  Edit secret
  Remove secret (TODO)
  Exit

Add get all command

Purpose

Instead of having to switch back and forth between kubectl and kubsecret it would be awesome to quickly list all secrets in a given namespace.

Idea

Instead of having to run kubectl -n reply get secrets then run kubesecret -n reply get secret <secret-name> we could list all of the secrets via kubesecret to have a smooth workflow.

If we wanted to make it more interactive one day we could even make it put out a numbered list and prompt the user for a number to read. ex.

kubesecret -n reply get
1) secret-a
2) secret-b
What secret would you like to view?
> _

Ejected for not confirming a change

Version 0.4.0-rc1

I was playing around and had a potiential edit to the valur of a key. However, I decided not to confirm, and as a result I was ejected from my kubesecret session, rather than returning to an appropriate menu.

? Please input the new value for "last-one":
Here are the changes:
Old value: Hope all is well
New value:

? Proceed with change: No
Colins-MacBook-Pro:buffer-web colin$

Add README w/ install info

Purpose

To make it easier to get started with this tool ๐Ÿ˜„

What it could look like:

kubesecret

A tool to manage secrets in kubernetes

Installation

Run t

VERSION="0.3"
curl -L https://github.com/bufferapp/kubesecret/releases/download/$VERSION/kubesecret-`uname -s` > /usr/local/bin/kubesecret
chmod +x /usr/local/bin/kubesecret

Notes

  • We currently make the binary lowercase so to use uname -s we could make the binary -Linux-...
  • Can we drop the amd64 part of the binary file name for brevity?
  • We could also add some basic usage of the tool on the readme as well ๐Ÿ‘

Behaviour when not specifying namespace

Version 0.4.0-rc1

I did a kubesecret get and forgot to specify the namespace (a common habit I have with kubectl too ๐Ÿ˜… ).

The output then says Working with namespace undefined and it looks like what ends up happening is that the default namespace is used.

I'm just wondering if making the namespace required would help to avoid any potential confusion here. Or, at the very least, the informational message could say Working with namespace default?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.