Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
---|---|---|---|---|---|---|---|---|---|---|
Helm Secrets | 921 | 6 days ago | 1 | apache-2.0 | Shell | |||||
A helm plugin that help manage secrets with Git workflow and store them anywhere | ||||||||||
Vault Secrets Gen | 317 | a month ago | 17 | August 11, 2022 | 2 | mit | Go | |||
A Vault secrets plugin for generating high entropy passwords and passphrases. | ||||||||||
Serverless Kubeless | 299 | 64 | 2 | a year ago | 53 | January 26, 2021 | 42 | apache-2.0 | JavaScript | |
This plugin enables support for Kubeless within the Serverless Framework. | ||||||||||
Wp Graphql Jwt Authentication | 269 | 2 months ago | 10 | May 16, 2022 | 60 | gpl-3.0 | PHP | |||
Authentication for WPGraphQL using JWT (JSON Web Tokens) | ||||||||||
Hidden Secrets Gradle Plugin | 259 | 5 months ago | 10 | mit | Kotlin | |||||
🔒 Deeply hide secrets on Android | ||||||||||
Hashicorp Vault Plugin | 204 | 2 months ago | 86 | mit | Java | |||||
Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault. | ||||||||||
Kubectl View Secret | 196 | 2 months ago | 12 | April 28, 2022 | 2 | mit | Go | |||
Kubernetes CLI plugin to decode Kubernetes secrets | ||||||||||
Awesome Vault Tools | 181 | 2 years ago | apache-2.0 | |||||||
Awesome tools around HashiCorp Vault | ||||||||||
Network Manager Wireguard | 172 | 3 years ago | 24 | other | C | |||||
NetworkManager VPN Plugin: Wireguard | ||||||||||
Trousseau | 141 | a month ago | 4 | June 08, 2022 | 25 | apache-2.0 | Go | |||
Store and access your secrets the Kubernetes native way with any external KMS. |
helm-secrets is a Helm plugin for decrypt encrypted Helm value files on the fly.
Whos actually using helm-secrets? If you are using helm-secrets in your company or organization, we would like to invite you to create a PR to add your information to this file.
See Installation for more information.
For full documentation, read GitHub wiki.
Run decrypted command on specific value files. This is method is preferred over the plugin command below. This mode is used in ArgoCD environments.
On Windows, the command helm secrets patch windows
needs to be run first.
helm upgrade name . -f secrets://secrets.yaml
See Usage for more information
Wraps the whole helm
command. Slow on multiple value files.
helm secrets upgrade name . -f secrets.yaml
requires helm 3.9+; vals 0.20+
helm-secrets supports evaluating vals expressions inside Helm templates by
enable the flag --evaluate-templates
.
secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: secret
type: Opaque
stringData:
password: "ref+awsssm://foo/bar?mode=singleparam#/BAR"
Run
helm secrets --evaluate-templates upgrade name .
Use AWS Secrets Manager or Azure KeyVault for storing secrets securely and reference them inside values.yaml
helm secrets --backend vals template bitnami/mysql --name-template mysql \
--set auth.rootPassword=ref+awsssm://foo/bar?mode=singleparam#/BAR
See Cloud Integration for more information.
For running helm-secrets with ArgoCD, see ArgoCD Integration for more information.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: app
spec:
source:
helm:
valueFiles:
- secrets+gpg-import:///helm-secrets-private-keys/key.asc?secrets.yaml
- secrets+gpg-import-kubernetes://argocd/helm-secrets-private-keys#key.asc?secrets.yaml
- secrets://secrets.yaml
# fileParameters (--set-file) are supported, too.
fileParameters:
- name: config
path: secrets://secrets.yaml
# directly reference values from Cloud Providers
- name: mysql.rootPassword
path: secrets+literal://ref+azurekeyvault://my-vault/secret-a
The Terraform Helm provider does not support downloader plugins.
helm-secrets can be used together with the Terraform external data source provider.
data "external" "helm-secrets" {
program = ["helm", "secrets", "decrypt", "--terraform", "../../examples/sops/secrets.yaml"]
}
resource "helm_release" "example" {
values = [
file("../../examples/sops/values.yaml"),
base64decode(data.external.helm-secrets.result.content_base64),
]
}
An example of how to use helm-secrets with Terraform could be found in examples/terraform.
helm-secrets support multiple secret backends. Currently, sops and vals are supported.
See Secret-Backends how to use them.
An additional documentation, resources and examples can be found here.
scripts/run.sh
- Main helm-secrets plugin code for all helm-secrets plugin actions available in helm secrets help
after plugin installscripts/backends
- Location of the in-tree secrets backendsscripts/commands
- Sub Commands of helm secrets
are defined here.scripts/lib
- Common functions used by helm secrets
.scripts/wrapper
- Wrapper scripts for Windows systems.tests
- Test scripts to check if all parts of the plugin work. Using test assets with PGP keys to make real tests on real data with real encryption/decryption. See tests/README.md
for more informations.examples
- Some example secrets.yaml2020-2022 Jan-Otto Krpke (jkroepke)
2017-2020 Zendesk
Licensed under the Apache License, Version 2.0