SOPS: Decrypt Kubernetes secrets generated by kustomize #329

Merged

bob-rohan
Contributor

@bob-rohan bob-rohan commented Apr 21, 2021

Kustomize-controller can currently decrypt SOPS encrypted files - but
whole files only.

Kubernetes Secrets are base64 encoded, therefore when a SOPS encrypted
file is added as base64 encoded data to a Kubernetes Secret, it is not
decrypted.

Fix: #328
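
The gap described above, as an added example that is not part of this pull request or the controller's code: a whole-manifest SOPS check does not match a generated Secret, while decoding each `data` value exposes the embedded encrypted file. The function names, the "`sops` object with a `mac` field" heuristic, the JSON-only input and the sample Secret are assumptions made for this illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"sort"
)

// isSOPSDocument is this example's heuristic (an assumption): JSON with a top-level "sops" object holding a "mac".
func isSOPSDocument(raw []byte) bool {
	var doc struct{ Sops map[string]json.RawMessage `json:"sops"` }
	err := json.Unmarshal(raw, &doc)
	_, ok := doc.Sops["mac"]
	return err == nil && ok
}

// encryptedDataKeys lists the .data keys of a Secret whose base64-decoded value is itself a SOPS document.
func encryptedDataKeys(manifest []byte) ([]string, error) {
	var secret struct {
		Kind string            `json:"kind"`
		Data map[string]string `json:"data"`
	}
	if err := json.Unmarshal(manifest, &secret); err != nil || secret.Kind != "Secret" {
		return nil, err
	}
	var keys []string
	for k, v := range secret.Data {
		if dec, err := base64.StdEncoding.DecodeString(v); err == nil && isSOPSDocument(dec) {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	return keys, nil
}

// sampleSecret is constructed input: one SOPS-style JSON file and one plaintext file.
func sampleSecret() []byte {
	enc := []byte(`{"password":"ENC[AES256_GCM,data:PLACEHOLDER,type:str]","sops":{"mac":"ENC[AES256_GCM,data:PLACEHOLDER]"}}`)
	b64 := base64.StdEncoding.EncodeToString
	data := map[string]string{"creds.json": b64(enc), "note.txt": b64([]byte("hello"))}
	m, _ := json.Marshal(map[string]interface{}{"kind": "Secret", "data": data})
	return m
}

func main() {
	keys, err := encryptedDataKeys(sampleSecret())
	fmt.Println(isSOPSDocument(sampleSecret()), keys, err)
}
```

A Secret that reaches the cluster with keys still reported by `encryptedDataKeys` holds ciphertext rather than the intended value, which makes this a useful pre-apply check.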

@bob-rohan bob-rohan force-pushed the 328_base64_encoded_sops_encrypted_secrets branch from e9b5e08 to 8127709 Compare April 21, 2021 14:25
@bob-rohan bob-rohan force-pushed the 328_base64_encoded_sops_encrypted_secrets branch 2 times, most recently from 1706144 to a7e7613 Compare April 27, 2021 20:32
@stefanprodan stefanprodan changed the title #328 Decrypt base64 encoded SOPS encrypted secrets #328 Decrypt base64 encoded SOPS encrypted secrets Apr 28, 2021
Member

@stefanprodan stefanprodan left a comment

@bob-rohan can you please add a sub-section here https://github.com/fluxcd/kustomize-controller/blob/main/docs/spec/v1beta1/kustomization.md#secrets-decryption and document the new decryption option. Please mention kustomize secret generator and how to use it.

@bob-rohan bob-rohan force-pushed the 328_base64_encoded_sops_encrypted_secrets branch from 193e063 to adb196d Compare April 28, 2021 10:45
@stefanprodan
Member

@bob-rohan can you please squash all commits into a single one and rename it to "Decrypt base64 encoded SOPS encrypted secrets". Thanks!

@bob-rohan bob-rohan force-pushed the 328_base64_encoded_sops_encrypted_secrets branch from adb196d to 9ffafd6 Compare April 28, 2021 10:53
Signed-off-by: Bob Rohan <bob.rohan@hodge.co.uk>
@bob-rohan bob-rohan force-pushed the 328_base64_encoded_sops_encrypted_secrets branch from 9ffafd6 to a77ea03 Compare April 28, 2021 10:54
@stefanprodan stefanprodan changed the title Decrypt base64 encoded SOPS encrypted secrets SOPS: Decrypt Kubernetes secrets generated by kustomize Apr 29, 2021
Member

@stefanprodan stefanprodan left a comment

LGTM

Thanks @bob-rohan 🏅

@stefanprodan stefanprodan merged commit 2a03b6e into fluxcd:main Apr 29, 2021
@bob-rohan bob-rohan deleted the 328_base64_encoded_sops_encrypted_secrets branch April 29, 2021 10:03
@apeschel
Contributor

apeschel commented May 3, 2021

Thank you @bob-rohan, this is fantastic work!

@stefanprodan stefanprodan added the area/sops SOPS related issues and pull requests label Jun 2, 2021
Successfully merging this pull request may close these issues.

Decrypt base64 encoded SOPS encrypted secrets