Documentation
- 1: Installation
- 2: Examples
- 3: Contribution Guidelines
1 - Installation
Installing Encrypted-secrets Kubernetes Operator and Cryptctl CLI
Prerequisites
- Working Kubernetes cluster
- Kubectl configured to access the cluster
Installation
- Install encrypted-secret operator
export RELEASE=v0.1.0
kubectl apply -f https://github.com/OpenSecrecy/encrypted-secrets/releases/download/$RELEASE/encrypted-secrets-controller.yaml
Note: You can find the latest release here
- Install cryptctl CLI
brew tap opensecrecy/cryptctl
brew install cryptctl
Note: If you are not using brew, you can download the binary from here
- Make sure the operator is running
kubectl get pods -n encrypted-secrets-system
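Before applying the controller manifest from the release URL in the first step, it helps to download it and see what it creates. The script below is an added example, not part of the project's documentation or code; the function names, the list of cluster-wide kinds and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code): text-level summary of an operator manifest
# to read before `kubectl apply -f`. Heuristic checks, not a YAML parser.
CLUSTER_KINDS="ClusterRole ClusterRoleBinding CustomResourceDefinition Namespace"

# list_kinds FILE: "count kind" for each top-level `kind:` in a multi-document YAML.
list_kinds() {
  awk '/^kind:/ && NF >= 2 { n[$2]++ } END { for (k in n) print n[k], k }' "$1" | sort -k2
}

# cluster_scoped FILE: kinds in FILE that take effect cluster-wide, one per line.
cluster_scoped() {
  list_kinds "$1" | while read -r count kind; do
    case " $CLUSTER_KINDS " in *" $kind "*) echo "$kind" ;; esac
  done
}

# touches_secrets FILE: succeeds if a list item or `resources:` line names "secrets".
touches_secrets() {
  awk '/^[ \t]*(-|resources:)/ {
         gsub(/"|,|\[|\]/, " ")
         for (i = 1; i <= NF; i++) if ($i == "secrets") found = 1
       }
       END { exit !found }' "$1"
}

# write_sample FILE: constructed manifest standing in for the real download.
write_sample() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Namespace
metadata:
  name: encrypted-secrets-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
rules:
- apiGroups: [""]
  resources: ["secrets"]
---
apiVersion: apps/v1
kind: Deployment
EOF
}
manifest="${1:-}"   # pass the downloaded manifest path, or omit to use the sample
[ -n "$manifest" ] || { manifest="$(mktemp)"; write_sample "$manifest"; }
list_kinds "$manifest"
echo "cluster-wide kinds: $(cluster_scoped "$manifest" | tr '\n' ' ')"
if touches_secrets "$manifest"; then echo "RBAC names secrets: read those rules"; fi
```

Save the release manifest to a local file, run the script on it, and apply that same local file so that what was reviewed is what gets installed.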
Setup
- Create an encryption key
cryptctl init -n <namespace> -p k8s
This creates a namespace-scoped encryption key. The -p flag specifies the encryption provider. Currently, only the Kubernetes and AWS_KMS providers are supported.
With the AWS_KMS provider, a KMS key will be created.
- Create an encrypted-secret manifest
cryptctl create -f <path-to-encrypted-secret-manifest> -p <provider>
Try it out!
Prerequisites
- Set the EDITOR environment variable to your favorite editor. This will be used to open the encrypted-secret manifest for editing.
export EDITOR=vim
or
export EDITOR="code -w"
Once the encrypted-secret manifest is created, you can use it to add secrets and encrypt them.
Note: With the k8s provider, make sure your kube-context is set to the correct cluster.
cryptctl edit <encrypted-secret-manifest.yaml>
This will open the manifest in your default editor. Add the secrets you want to encrypt in the data section of the manifest. Save and close the file.
2 - Examples
Create an encryption key
cryptctl init -n <namespace> -p k8s

Create an encrypted-secret manifest
cryptctl create -f demo.yaml -p k8s

Edit encrypted-secrets manifest to add secret
cryptctl edit demo.yaml
