helm-secrets - A helm plugin that help manage secrets with Git workflow and store them anywhere

  •        236

Developed and used in all environments in BaseCRM. We store secrets and values in helm_vars dir structure just like in this repository example dir. All this data versioned in GIT. Working in teams on multiple projects/regions/envs and multiple secrets files at once. We have Makefile in our Helm charts repo to simplify install helm-secrets plugin with helm and other stuff we use. Same Makefile used to rebuild all helm charts with dependencies and some other everyday helpers. Encrypting, Decrypting, Editing secrets on local clones, making #PR's and storing this in our helm charts repo encrypted with PGP, AWS KMS and GCP KMS. Deploying using helm-wrapper from local or from CI with same charts and secrets/values from GIT repository.

https://github.com/futuresimple/helm-secrets

Tags
Implementation
License
Platform

   




Related Projects

kamus - An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

  •    CSharp

An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enable users to easily encrypt secrets than can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES). To learn more about Kamus, check out the blog post and slides. If you're running Kamus locally the Kamus URL will be like http://localhost:<port>. So you need to add --allow-insecure-url flag to enable http protocol.

landscaper - Takes a set of Helm Chart references with values (a desired state), and realizes this in a Kubernetes cluster

  •    Go

Landscaper takes a set of Helm Chart references with values (a desired state), and realizes this in a Kubernetes cluster. The intended use case is to have this desired state under version control, and let Landscaper first test and then apply the state as part of the CI/CD stages. Binaries are available here; Docker images here. On macOS using Homebrew, a brew install landscaper should do.

kubernetes-external-secrets - 💂 Kubernetes External Secrets

  •    Javascript

Kubernetes External Secrets allows you to use external secret management systems (e.g., AWS Secrets Manager) to securely add secrets in Kubernetes. Read more about the design and motivation for Kubernetes External Secrets on the GoDaddy Engineering Blog. The project extends the Kubernetes API by adding a ExternalSecrets object using Custom Resource Definition and a controller to implement the behavior of the object itself.

charts - Curated applications for Kubernetes

  •    Smarty

Use this repository to submit official Charts for Kubernetes Helm. Charts are curated application definitions for Kubernetes Helm. For more information about installing and using Helm, see its README.md. To get a quick introduction to Charts see this chart document.Just helm install stable/<chart>. This is the default repository for Helm which is located at https://kubernetes-charts.storage.googleapis.com/ and is installed by default.

helm - The Kubernetes Package Manager

  •    Go

Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources. Helm is a tool that streamlines installing and managing Kubernetes applications. Think of it like apt/yum/homebrew for Kubernetes.


charts - Curated applications for Kubernetes

  •    Smarty

Use this repository to submit official Charts for Helm. Charts are curated application definitions for Helm. For more information about installing and using Helm, see its README.md. To get a quick introduction to Charts see this chart document. For general Helm Chart discussions join the Helm Charts (#charts) room in the Kubernetes.

berglas - A tool for managing secrets on Google Cloud

  •    Go

Berglas is a command line tool and library for storing and and retrieving secrets on Google Cloud. Secrets are encrypted with Cloud KMS and stored in Cloud Storage. As a CLI, berglas automates the process of encrypting, decrypting, and storing data on Google Cloud.

Helm - The Kubernetes Package Manager

  •    Go

Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources. It is a tool that streamlines installing and managing Kubernetes applications. Think of it like apt/yum/homebrew for Kubernetes.

sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets

  •    Go

Solution: Encrypt your Secret into a SealedSecret, which is safe to store - even to a public repository. The SealedSecret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original Secret from the SealedSecret. See https://github.com/bitnami-labs/sealed-secrets/releases for the latest release.

monocular - Search and discovery UI for Helm Chart repositories

  •    Go

Monocular is a web-based application that enables the search and discovery of charts from multiple Helm Chart repositories. It is the codebase that powers the Helm Hub project. Click here to learn more about Helm, Charts and Kubernetes.

SOPS: Secrets OPerationS

  •    Go

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.

Confidant - Your Secret Keeper. Stores secrets in DynamoDB, encrypted at rest.

  •    Python

Confidant is a open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft. Confidant stores secrets in an append-only way in DynamoDB, generating a unique KMS data key for every revision of every secret, using Fernet symmetric authenticated cryptography.

terraform-provider-helm - Terraform Helm provider

  •    Go

This is a Helm provider for Terraform. The provider manages the installed Charts in your Kubernetes cluster, in the same way of Helm does, through Terraform. It will also install Tiller automatically if it is not already present.

helm-classic - (OBSOLETE) Helm Classic v1

  •    Go

Helm and Deployment Manager have recently joined forces to make deploying and managing software on Kubernetes as simple as possible. The combined effort now lives in the Kubernetes GitHub organization at kubernetes/helm. For more information about the architecture of kubernetes/helm read the architecture documentation.

control - Control manages the lifecycle of clusters on your infrastructure and allows deployment of applications via HELM

  •    Go

Create HA K8s clusters on multiple clouds. Simplify K8s deployment and management, easily configure and deploy Helm releases, and view at-a-glance metrics for cluster usage. Want to skip the rest and install SG Control? Get started here.

EnvKey - Protect API keys and credentials, Keep configuration in sync everywhere.

  •    Javascript

This is EnvKey's cross-platform native application. It supports Mac, Windows, and Linux. EnvKey is an end-to-end encrypted secrets and configuration management tool. It keeps your configuration securely and automatically in sync for all your developers and servers.

Keywhiz - A system for distributing and managing secrets

  •    Java

Keywhiz is a system for managing and distributing secrets. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI or web app UI. To enable workflows, Keywhiz has automation APIs over mTLS and support for simple secret generation plugins.

helmfile - Deploy Kubernetes Helm Charts

  •    Go

Even though Helmfile is used in production environments across multiple organizations, it is still in its early stage of development, hence versioned 0.x. Helmfile complies to Semantic Versioning 2.0.0 in which v0.x means that there could be backward-incompatible changes for every release.

zero-to-jupyterhub-k8s - Resources for deploying JupyterHub to a Kubernetes Cluster

  •    Python

This is under active development and subject to change. This repo contains resources, such as Helm charts and the Zero to JupyterHub Guide, which help you to deploy JupyterHub on Kubernetes.

chartmuseum - Helm Chart Repository with support for Amazon S3, Google Cloud Storage, Microsoft Azure Blob Storage, Alibaba Cloud OSS Storage, and Openstack Object Storage

  •    Go

ChartMuseum is an open-source Helm Chart Repository written in Go (Golang), with support for cloud storage backends, including Google Cloud Storage, Amazon S3, Microsoft Azure Blob Storage, Alibaba Cloud OSS Storage and Openstack Object Storage. Works as a valid Helm Chart Repository, and also provides an API for uploading new chart packages to storage etc.