remote-secrets
Remote Secrets allows you to use remote secret management systems, SSM parameter store, application configuration, Cloudformation stack outputs, and more to add a single secret in k8s.
How to use it
Install CRD
- from url
kubectl apply -f https://raw.githubusercontent.com/jerry153fish/remote-secrets/main/config/crd.yaml
- from source
make crd
Install controller
- from url
kubectl apply -f https://raw.githubusercontent.com/jerry153fish/remote-secrets/main/config/default/manager.yaml
- from source
make manifest
Create simple secret
- simple plain text secrets
kubectl apply -f https://raw.githubusercontent.com/jerry153fish/remote-secrets/main/config/simple/plaintext.yaml
It will just add a s simple plain text as the backend
apiVersion: jerry153fish.com/v1beta1
kind: RSecret # Identifier of the resource type.
metadata:
name: test-plaintext # Name of the "RSecret" custom resource instance, may be changed to your liking
namespace: default # Namespace must exist and account in KUBECONFIG must have sufficient permissions
spec:
description: "test plaintext secrets" # Optional description of the resource
resources:
- backend: Plaintext
data:
- remote_value: test-rsecret-plaintext-value
secret_field_name: test-rsecret-plaintext
- remote_value: test-rsecret-plaintext-value-1
secret_field_name: test-rsecret-plaintext-1
Configure backends access
if you want to add other backend you need to configure the backend access with k8s secret eg:
apiVersion: v1
kind: Secret
metadata:
name: remote-secrets
namespace: remote-secrets
type: Opaque
stringData:
APP: "remote-secrets"
# AWS_ACCESS_KEY_ID: "aaa"
# AWS_SECRET_ACCESS_KEY: "secret"
# AWS_REGION: "ap-southeast-2"
# LOCALSTACK_URL: "http://dockerhost:4572"
# TEST_ENV: "true"
- aws backend
The example above uses the environment variable to configure the AWS credentials. However, the remote-secrets is using aws-config which utilizes the AWS credential provider chain, so you can configure the credentials the way you want.
AWS Parameter Store
ensure you have correct access to SSM
- add the parameter
aws ssm put-parameter --name MyStringParameter --type "String" --value "Vici"
- add a SSM backend
- backend: SSM
data:
- remote_value: MyStringParameter
secret_field_name: test-rsecret-ssm-param
AWS Secret Manager
ensure you have correct access to Secret manager
- add the secret
aws secretsmanager create-secret --name MyTestSecret --secret-string "Vicd"
- add a secret manager backend
- backend: SecretManager
data:
- remote_value: MyTestSecret
secret_field_name: test-rsecret-secretmanager
AWS Cloudformation outputs
ensure you have correct access to Cloudformation
- add a simple cloudformation stack
aws cloudformation create-stack --stack-name MyTestStack --template-body file://e2e/mock-cfn.yaml
- add as a cloudformation backend
- backend: Cloudformation
data:
- remote_value: MyTestStack # import all the outputs
- remote_value: MyTestStack # import specific output key
secret_field_name: test-cfn-stack
output_key: S3Bucket
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent