argocd-vault-plugin - An ArgoCD plugin to retrieve secrets from Hashicorp Vault and inject them into Kubernetes secrets

  •        365

This plugin is aimed at helping to solve the issue of secret management with GitOps and Argo CD. We wanted to find a simple way to utilize Vault without having to rely on an operator or custom resource definition. This plugin can be used not just for secrets but also for deployments, configMaps or any other Kubernetes resource. The argocd-vault-plugin works by taking a directory of YAML files that have been templated out using the pattern of <placeholder> where you would want a value from Vault to go. The inside of the <> would be the actual key in Vault.

https://github.com/IBM/argocd-vault-plugin

Related Projects

teller - A secrets management tool for developers built in Go - never leave your command line for secrets

  •    Go

Never leave your terminal to use secrets while developing, testing, and building your apps. Instead of custom scripts, tokens in your .zshrc files, visible EXPORTs in your bash history, misplaced .env.production files and more around your workstation -- just use teller and connect it to any vault, key store, or cloud service you like (Teller supports Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, and many more).

argo-cd - Declarative Continuous Delivery for Kubernetes

  •    Go

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Application definitions, configurations, and environments should be declarative and version controlled. Application deployment and lifecycle management should be automated, auditable, and easy to understand.

vault-on-gke - Run @HashiCorp Vault on Google Kubernetes Engine (GKE) with Terraform

  •    HCL

This tutorial walks through provisioning a highly-available HashiCorp Vault cluster on Google Kubernetes Engine using HashiCorp Terraform as the provisioning tool. This tutorial is based on Kelsey Hightower's Vault on Google Kubernetes Engine, but focuses on codifying the steps in Terraform instead of teaching you them individually. If you would like to know how to provision HashiCorp Vault on Kubernetes step-by-step (aka "the hard way"), please follow Kelsey's repository instead.


hvac - :lock: Python 2/3 client for HashiCorp Vault

  •    Python

Tested against Vault v0.1.2 and HEAD. Requires v0.1.2 or later.if you would like to be able to return parsed HCL data as a Python dict for methods that support it.

ansible-vault - :key: Ansible role for Hashicorp Vault

  •    Jinja

This Ansible role performs a basic Vault installation, including filesystem structure and example configuration. It can also bootstrap a minimal development or evaluation server or HA Consul-backed cluster in a Vagrant and VirtualBox based environment. See README_VAGRANT.md and the associated Vagrantfile for more details about the developer mode setup.

Vault - A tool for managing secrets

  •    Go

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

Devtron - Software Delivery Workflow For Kubernetes

  •    Go

Devtron is designed as a self-serve platform for operationalizing and maintaining applications (AppOps) on Kubernetes in a developer-friendly way. It provides workflows that understand the domain of Kubernetes, testing, CD, and SecOps so that you don't have to write scripts. It supports reusable and composable components so that workflows are easy to construct and reason through. Deploy to multiple Kubernetes clusters.

envconsul - Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault

  •    Go

Envconsul provides a convenient way to launch a subprocess with environment variables populated from HashiCorp Consul and Vault. The tool is inspired by envdir and envchain, but works on many major operating systems with no runtime requirements. It is also available via a Docker container for scheduled environments. Envconsul supports 12-factor applications which get their configuration via the environment. Environment variables are dynamically populated from Consul or Vault, but the application is unaware; applications just read environment variables. This enables extreme flexibility and portability for applications across systems.

vault-ui - Vault-UI — A beautiful UI to manage your Vault, written in React

  •    Javascript

Docker images are automatically built using an automated build on Docker Hub. We encourage that versioned images are used for production. By default, connection and authentication parameters must be configured by clicking on the configuration cog on the login page. Using environment variables (via docker), an administrator can pre-configure those parameters.

sops-nix - Atomic secret provisioning for NixOS based on sops

  •    Go

Atomic secret provisioning for NixOS based on sops. Sops-nix decrypts secrets sops files on the target machine to files specified in the NixOS configuration at activation time. It also adjusts file permissions/owner/group. It uses either host ssh keys or GPG keys for decryption. In future we will also support cloud key management APIs such as AWS KMS, GCP KMS, Azure Key Vault or Hashicorp's vault.

gomplate - A flexible commandline tool for template rendering

  •    Go

Read the docs at gomplate.hairyhenderson.ca. gomplate is a template renderer which supports a growing list of datasources, such as: JSON (including EJSON - encrypted JSON), YAML, AWS EC2 metadata, BoltDB, Hashicorp Consul and Hashicorp Vault secrets.

consul-template - Template rendering, notifier, and supervisor for @HashiCorp Consul and Vault data.

  •    Go

This project provides a convenient way to populate values from Consul into the file system using the consul-template daemon. The daemon consul-template queries a Consul or Vault cluster and updates any number of specified templates on the file system. As an added bonus, it can optionally run arbitrary commands when the update process completes. Please see the examples folder for some scenarios where this functionality might prove useful.

node-keytar - Native Password Node Module

  •    C++

A native Node module to get, add, replace, and delete passwords in the system's keychain. On macOS the passwords are managed by the Keychain, on Linux they are managed by the Secret Service API/libsecret, and on Windows they are managed by Credential Vault. Currently this library uses libsecret so you may need to install it before running npm install.

Thomer's Music Vault

  •    Perl

Thomer's Music Vault is a GNU/Linux streaming music server (jukebox, sort of) that presents a pretty interface to a CD music collection. Thomer's Music Vault takes care of generating playlists and encoding/decoding music in various formats.

secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume

  •    Go

Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a Container Storage Interface (CSI) volume. The Secrets Store CSI driver secrets-store.csi.k8s.io allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into their pods as a volume. Once the Volume is attached, the data in it is mounted into the container's file system.

SOPS: Simple and flexible tool for managing secrets

  •    Go

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.





