Displaying 1 to 18 from 18 results

sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets

  •    Go

Solution: Encrypt your Secret into a SealedSecret, which is safe to store - even to a public repository. The SealedSecret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original Secret from the SealedSecret. See https://github.com/bitnami-labs/sealed-secrets/releases for the latest release.

kamus - An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

  •    CSharp

An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enable users to easily encrypt secrets than can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES). To learn more about Kamus, check out the blog post and slides. If you're running Kamus locally the Kamus URL will be like http://localhost:<port>. So you need to add --allow-insecure-url flag to enable http protocol.

landscaper - Takes a set of Helm Chart references with values (a desired state), and realizes this in a Kubernetes cluster

  •    Go

Landscaper takes a set of Helm Chart references with values (a desired state), and realizes this in a Kubernetes cluster. The intended use case is to have this desired state under version control, and let Landscaper first test and then apply the state as part of the CI/CD stages. Binaries are available here; Docker images here. On macOS using Homebrew, a brew install landscaper should do.




helm-secrets - A helm plugin that help manage secrets with Git workflow and store them anywhere

  •    Shell

Developed and used in all environments in BaseCRM. We store secrets and values in helm_vars dir structure just like in this repository example dir. All this data versioned in GIT. Working in teams on multiple projects/regions/envs and multiple secrets files at once. We have Makefile in our Helm charts repo to simplify install helm-secrets plugin with helm and other stuff we use. Same Makefile used to rebuild all helm charts with dependencies and some other everyday helpers. Encrypting, Decrypting, Editing secrets on local clones, making #PR's and storing this in our helm charts repo encrypted with PGP, AWS KMS and GCP KMS. Deploying using helm-wrapper from local or from CI with same charts and secrets/values from GIT repository.

deploy-graph-db-container - Host a graph database such as OrientDB on IBM Container Service using Kubernetes APIs

  •    

Read this in other languages: 한국어. Graph databases, such as OrientDB, store data in a graph structure consisting of nodes, edges and properties. Graph databases, by design, allow simple and fast retrieval of complex hierarchical structures in a much more efficient manner than relational databases. Gremlin is a standardised graph traversal language for retrieving data from graph databases (the way SQL is for RDBMS).

k8sec - CLI tool to manage Kubernetes Secrets easily

  •    Go

Formula is available at dtan4/homebrew-dtan4. Precompiled binaries for Windows, OS X, Linux are available at Releases.

bank-vaults - A Vault swiss-army knife: Go client with automatic token renewal, Kubernetes support, dynamic secrets, multiple unseal options and more

  •    Go

Bank Vaults is a thick, tricky, shifty right with a fast and intense tube for experienced surfers only, located on Mentawai. Think heavy steel doors, secret unlocking combinations and burly guards with smack-down attitude. Watch out for clean-up sets. Bank Vaults is a wrapper for the official Vault client with automatic token renewal, built in Kubernetes support, dynamic database credential management, multiple unseal options, automatic re/configuration and more.


kubernetes-replicator - Kubernetes controller for synchronizing secrets & config maps across namespaces

  •    Go

This repository contains a custom Kubernetes controller that can be used to make secrets and config maps available in multiple namespaces. Add the annotation replicator.v1.mittwald.de/replicate-from to any Kubernetes secret or config map object. The value of that annotation should contain the the name of another secret or config map (using <namespace>/<name> notation).

kubernetes-secret-generator - Kubernetes controller for automatically generating and updating secrets

  •    Go

This repository contains a custom Kubernetes controller that can automatically create random secret values. This may be used for auto-generating random credentials for applications run on Kubernetes. Older versions (actually, just 0.0.1) of this controller used the math/rand package for generating secrets, which is deterministic and not cryptographically secure (see #1 for more information). If you're already running this controller and want to regenerate all potentially compromised secrets, start the controller with the -regenerate-insecure flag (note that you will need to manually re-create any Pods using these secrets, though). When using the kubectl apply command from below, the new flag will be added to your Deployment automatically.

k8comp - Kubernetes parameterized deployments manifests/templates https://cststack.github.io/k8comp/

  •    Shell

K8comp is a tool which substitutes any templates variables declared in the format %{VARIABLE default "DEFAULT_VALUE"} or %{VARIABLE} with values from a files hierarchy using hiera. The tool was created to simplify apps deployments for Kubernetes but it can be used to template any other type of files.

aws-ssm - Populates Kubernetes Secrets from AWS Parameter Store

  •    Go

First, export required variables, then run make install. The following chart values may be set. Only the required variables (AWS credentials) need provided by the user. Most of the time, the other defaults should work as-is.

secrets-manager - A daemon to sync Vault secrets to Kubernetes secrets

  •    Go

Lots of companies use Vault as their secrets store backend for multiple kind of secrets and different purposes. Kubernetes brings a nice secrets API, but it means that you have two different sources of truth for your secrets. secrets-manager tries to solve this, by reading secrets from Vault and comparing them to Kubernetes secrets, creating and updating them as you do it in Vault.

kube-csr - Generate, submit, approve, fetch, renew and purge certificates in Kubernetes

  •    Go

But you can also choose to select the steps you want to execute. The garbage collector can be daemonized with the adapted flags.

ecr-k8s-secret - Automatically creates a Kubernetes secret to pull images from AWS ECR using your AWS credentials

  •    Shell

Automatically creates a Kubernetes secret to pull images from AWS ECR using your AWS credentials

secrets-provider-for-k8s - Cyberark secrets provider for k8s

  •    Shell

The CyberArk Secrets Provider for Kubernetes enables Conjur Enterprise (formerly known as DAP) to retrieve secrets stored and managed in the CyberArk Vault. The secrets can be consumed by your Kubernetes or Openshift application containers. To retrieve the secrets from Conjur or Conjur Enterprise, the CyberArk Secrets Provider for Kubernetes runs as an init container or application container and fetches the secrets that the pods require. To deploy the CyberArk Secrets Provider for Kubernetes as an application container, supporting multiple applications please see the Secrets Provider helm chart.

estafette-letsencrypt-certificate - Kubernetes controller to retrieve and renews tls certificates from Letsencrypt for annotated Kubernetes secrets

  •    Go

In order to create and renew certificates automatically every 60 days this application decouples that responsibility from any deployments and moves it into the Kubernetes cluster itself. Once it's running put the following annotations on a secret and deploy. The estafette-letsencrypt-certificate application will watch changes to secrets and process those. Once approximately every 300 seconds it also scans all secrets as a safety net.

kubectl-vault_sync - Kubernetes plugin to synchronize secrets from vault as kubernetes secrets.

  •    Go

The vault_sync plugin is a k8s plugin to synchronize secrets from vault as kubernetes secrets.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.