Tkseal

A CLI for maintaining sealed secrets in tanka configuration repositories.

The tool determines which Kubernetes context and namespace to use by reading the configuration in a tanka environment directory. It can generate a plain_secrets.json file from the existing Opaque secrets in that Kubernetes context and namespace. It can then read the plain_secrets.json file in the environment directory and generate a sealed_secrets.json. This sealed_secrets.json can be included in the main.jsonnet file like so:

{ secrets: import 'sealed_secrets.json' }

Dependencies

  • ruby > 2.7
  • kubectl
  • tk
  • kubeseal

Installation

$ gem install tkseal --version "WHATEVER_THE_CURRENT_VERSION_IS" --source "https://YOUR_GITHUB_USERNAME:[email protected]/mlibrary"

Usage

tkseal diff PATH

Shows the difference between "plain_secrets.json" and the Opaque Kubernetes secrets associated with the tk environment PATH.

tkseal pull PATH

Saves a copy of the unencrypted Opaque secrets in the kubernetes cluster associated with the given tanka environment PATH to the file "plain_secrets.json", which is also located in the given tanka environment PATH.

tkseal seal PATH

Takes the secrets in "plain_secrets.json" in the given tanka environment PATH, seals them with kubeseal, and saves the resulting sealed secrets to "sealed_secrets.json" in the given tanka environment PATH.

tkseal ready

Checks that the CLI dependencies are available in your shell.

tkseal version

Returns the installed version of the application.
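
Because "tkseal pull" writes unencrypted secrets into the environment directory of a configuration repository, a Git pre-commit hook can keep them out of history. The following is an added example, not part of tkseal: it rejects any staged plain_secrets.json and, going beyond what this README describes, any staged .json file that contains an unsealed Kubernetes Secret object. The helper names and the choice to activate only when installed as .git/hooks/pre-commit are assumptions of this example.

```ruby
require "json"

PLAIN_NAME = "plain_secrets.json" # file name taken from the tkseal README

# True if the parsed JSON holds, at any depth, a Kubernetes object of kind
# "Secret" carrying data, as opposed to a "SealedSecret".
def contains_plain_secret?(node)
  case node
  when Hash
    return true if node["kind"] == "Secret" && (node.key?("data") || node.key?("stringData"))
    node.values.any? { |v| contains_plain_secret?(v) }
  when Array
    node.any? { |v| contains_plain_secret?(v) }
  else
    false
  end
end

# staged: hash of path => staged file content (hypothetical helper input).
# Returns [path, reason] pairs for every file that must not be committed.
def findings(staged)
  staged.filter_map do |path, content|
    if File.basename(path) == PLAIN_NAME
      [path, "unencrypted secrets file written by `tkseal pull`"]
    elsif path.end_with?(".json") && contains_plain_secret?(JSON.parse(content))
      [path, "contains a Kubernetes Secret that is not sealed"]
    end
  rescue JSON::ParserError
    nil # not valid JSON, nothing to inspect
  end
end

# Runs only when this file is installed as .git/hooks/pre-commit.
if File.basename($PROGRAM_NAME) == "pre-commit"
  paths = IO.popen(%w[git diff --cached --name-only --diff-filter=ACM -z], &:read).split("\0")
  staged = paths.to_h do |p|
    # Read the staged blob (not the working copy); argv form avoids shell quoting issues.
    [p, p.end_with?(".json") ? IO.popen(["git", "show", ":#{p}"], &:read) : ""]
  end
  bad = findings(staged)
  bad.each { |path, why| warn "refusing to commit #{path}: #{why}" }
  exit 1 unless bad.empty?
end
```

Adding plain_secrets.json to .gitignore complements the hook, which still catches a forced add or a renamed copy.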

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/mlibrary/tkseal.

License

The gem is available as open source under the terms of the BSD3 License.