Merge sops secrets
These are command-line utilities that help with decrypting secrets via sops in the context of kubernetes and/or helm.
Prerequisites
- node.js with
npx-
npxshipped with node since version 8 I think, but version 12 or newer recommended
-
- sops command line tool
- valid AWS credentials configured (via env vars, profile, etc)
CLI Usage: merge-sops-secrets
merge-sops-secrets will enhance a helm chart values.yaml file with a bunch of extra data from encrypted sops files on disk.
npx --quiet --package @reactioncommerce/merge-sops-secrets --command merge-sops-secrets path/to/my/values.yaml
- Pass the path to your
values.yamlfile as the first command line argument
A final JSON document (which is also valid YAML) will be written to standard output. You can pipe this in to the helm CLI using /dev/stdin for the values path.
Data File Layout
This program expects your encrypted files:
- are in the same directory as your
values.yaml - Filename is
MY_VAR.sopswhereMY_VARis your environment variable name
Example
Chart.yaml
README.md
templates
templates/deployment.yaml
templates/service.yaml
values-acme-staging
values-acme-staging/AWS_ACCESS_KEY_ID.sops
values-acme-staging/DATABASE_PASSWORD.sops
values-acme-staging/SAMPLE_API_KEY.sops
values-acme-staging/values.yml
CLI Usage: sops-to-secret
sops-to-secret will enhance a kubernetes secret.yaml file with a bunch of extra data from encrypted sops files on disk.
npx --quiet --package @reactioncommerce/merge-sops-secrets --command sops-to-secret path/to/secret-stub.yaml > path/to/secret.yaml
Data File Layout
This program expects your encrypted files:
- are in subdirectory named
.sopsfrom where yoursecrets-stub.yamlfile lives - Filename is
MY_VAR.encwhereMY_VARis your environment variable name
Example
secret-stub.yaml
.sops/AWS_ACCESS_KEY_ID.enc
.sops/DATABASE_PASSWORD.enc
.sops/SAMPLE_API_KEY.enc