chrisns / kubectl-passman

kubectl plugin that provides the missing link/glue between common password managers and kubectl

License: MIT License

Go 100.00%
kubectl-plugin kubectl-plugins password-manager 1password 1password-cli keychain osx-keychain golang go kubernetes

kubectl-passman's Introduction

kubectl user password manager glue

❗ An easy way to store your kubernetes credentials in a keychain or password manager

Does your ~/.kube/config look like this:

apiVersion: v1
kind: Config
users:
- name: my-prod-user
  user:
    token: <REAL TOKEN!>
- name: docker-desktop
  user:
    client-certificate-data: <REAL CERT!>
    client-key-data: <REAL PRIVATE KEY!>

😱 😱 😱 😱

Do you scold your parents 👨‍🏫/👩‍🏫 for maintaining a passwords.doc on their desktop?

Then you need kubectl-passman!

Works with (more coming)

| Provider | Supports | Example command |
|---|---|---|
| keychain | Mac OS Keychain, GNOME Keyring, Windows Credential Manager | kubectl passman keychain [item] [token] |
| 1password | 1password (requires 1password cli) | kubectl passman 1password [item] [token] |
| gopass | gopass | kubectl passman gopass [item] [token] |

Installation

# with krew (recommended)
kubectl krew install passman

# get a binary from https://github.com/chrisns/kubectl-passman/releases/latest
# place it in PATH and make sure it's called kubectl-passman

# use go to get the most recent
go install github.com/chrisns/kubectl-passman@latest

Usage

You need to JSON-encode the credentials, so they should look something like:

{"token":"00000000-0000-0000-0000-000000000000"}

or for a key pair:

{
  "clientCertificateData":"-----BEGIN REAL CERTIFICATE-----\nMIIC9DCCA.......-----END CERTIFICATE-----",
  "clientKeyData":"-----BEGIN REAL RSA PRIVATE KEY-----\nMIIE......-----END REAL RSA PRIVATE KEY-----"
}

or for a key pair from your kube config:

{
  "client-certificate-data":"LS0tLS1CRU...LS0tCg==",
  "client-key-data":"LS0tLS1CRU...LS0tLS0K"
}

If they are already in your kube config, you could retrieve them with something like:

kubectl config view --raw -o json | jq '.users[] | select(.name=="kubectl-prod-user") | .user' -c

Write it to the password manager

kubectl passman keychain kubectl-prod-user '[token]'
# or
kubectl passman 1password kubectl-prod-user '[token]'

# so it should look like:
kubectl passman 1password kubectl-prod-user '{"token":"00000000-0000-0000-0000-000000000000"}'
# or
kubectl passman 1password kubectl-prod-user '{"client-certificate-data":"...BASE64_ENCODE...","client-key-data":"...BASE64_ENCODE..."}'

Then add it to the ~/.kube/config:

# --exec-arg values, in order:
#   keychain (or 1password): the provider
#   kubectl-prod-user: the [item-name] you used when you wrote to the password manager
kubectl config set-credentials \
  kubectl-prod-user \
  --exec-api-version=client.authentication.k8s.io/v1beta1 \
  --exec-command=kubectl-passman \
  --exec-arg=keychain \
  --exec-arg=kubectl-prod-user

Build

go build

Note: kubectl-passman builds slightly differently on Darwin (Mac OS) than on other operating systems, because it uses the go-keychain library, which needs libraries that only exist on a Mac, so that it can talk to the keychain natively. When compiling for other operating systems you'll get go-keyring instead, but I've abstracted both so that the interactions are the same.

Contributing

I ❤️ contributions. It'd be great if you could add support for your favourite password manager, or work on something from the TODO or any open issues as a priority. Anything else that takes your fancy is great too, though it's best to raise an issue to discuss it before investing time in it.
