Authentication and secret management with pass and kubectl integration. Works as a standalone script, or kubectl plugin.
pass, the standard Unix password manager, is a powerful way to store your valuable secrets with GPG keys. Read about it more at passwordstore.org.
Copy kubectl-pass somewhere in your $PATH:
cd ~/.local/bin
curl -LO https://github.com/rafi/kubectl-pass/raw/master/kubectl-pass
chmod ug+x kubectl-passNow you can run as a kubectl plugin, standalone, or alias:
kubectl pass -h
# OR
kubectl-pass -h
# OR
alias kubepass=kubectl-pass
kubepass -hkubectl pass auth reads an encrypted pass file, looks for matching keywords
and returns a Kubernetes ExecCredential kind manifest.
For example, if you are using PEM, create a new encrypted pass secret:
pass edit personal/k8sFill in these fields: (Make sure they are already base64 encoded)
client-certificate-data: LS0...
client-key-data: LS0...Finally, edit your ~/.kube/config user:
users:
- name: personal-admin
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args:
- auth
- pem
- personal/k8s
command: kubectl-passNow try using kubectl with the context you've edited. Enjoy!
Coming Soon...
- MIT