Skip to content
/ secret-init Public

Minimalistic init system for containers injecting secrets from various secret stores

License

Apache-2.0 license
5 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bank-vaults/secret-init

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

334 Commits
.github
.github
 
 
e2e
e2e
 
 
examples
examples
 
 
pkg
pkg
 
 
.dockerignore
.dockerignore
 
 
.editorconfig
.editorconfig
 
 
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
.golangci.yaml
.golangci.yaml
 
 
.goreleaser.yaml
.goreleaser.yaml
 
 
.hadolint.yaml
.hadolint.yaml
 
 
.licensei.toml
.licensei.toml
 
 
.yamlignore
.yamlignore
 
 
.yamllint.yaml
.yamllint.yaml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
args.go
args.go
 
 
args_test.go
args_test.go
 
 
docker-compose.yaml
docker-compose.yaml
 
 
env_store.go
env_store.go
 
 
env_store_test.go
env_store_test.go
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

secret-init

GitHub Workflow Status OpenSSF Scorecard

Minimalistic init system for containers injecting secrets from various secret stores.

Features

  • Multi-provider support - Automatically deduces and initializes required secret providers from environment variable references.
  • Async loading - Secrets are loaded asynchronously to improve speed.
  • Renew secrets - Use daemon mode to renew secrets in the background.
Supported Providers Stability
Local provider ✅ Production Ready
HashiCorp Vault ✅ Production Ready
OpenBao 🟡 Beta
AWS Secrets Manager / AWS Systems Manager Parameter Store ✅ Production Ready
Google Cloud Secret Manager ✅ Production Ready
Azure Key Vault ✅ Production Ready

Getting started

  • secret-init is designed for use with the Kubernetes mutating webhook. It can also function as a standalone tool.
  • Take a look at some of the examples that showcase the use of secret-init.

Development

For an optimal developer experience, it is recommended to install Nix and direnv.

Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.

Make sure Docker is installed with Compose and Buildx.

Run project dependencies:

make up

Build a binary:

make build

Run the test suite:

make test
make test-e2e

Run linters:

make lint # pass -j option to run them in parallel

Some linter violations can automatically be fixed:

make fmt

Build artifacts locally:

make artifacts

Once you are done either stop or tear down dependencies:

make stop

# OR

make down

License

The project is licensed under the Apache 2.0 License.

About

Minimalistic init system for containers injecting secrets from various secret stores

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

5 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases 3

v0.2.1 Latest
Sep 24, 2024
+ 2 releases

Packages

 
 
 

Contributors 7

Languages