Skip to content
/ secrets-webhook Public

A Kubernetes mutating webhook that makes direct secret injection into Pods possible.

License

Apache-2.0 license
12 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bank-vaults/secrets-webhook

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

248 Commits
.github
.github
 
 
deploy/charts/secrets-webhook
deploy/charts/secrets-webhook
 
 
e2e
e2e
 
 
examples
examples
 
 
pkg
pkg
 
 
.dockerignore
.dockerignore
 
 
.editorconfig
.editorconfig
 
 
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
.golangci.yaml
.golangci.yaml
 
 
.hadolint.yaml
.hadolint.yaml
 
 
.licensei.toml
.licensei.toml
 
 
.yamlignore
.yamlignore
 
 
.yamllint.yaml
.yamllint.yaml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
docker-compose.yaml
docker-compose.yaml
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
garden.yaml
garden.yaml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
project.garden.yaml
project.garden.yaml
 
 
tlscertificate.go
tlscertificate.go
 
 

Repository files navigation

Secrets Webhook

GitHub Workflow Status OpenSSF Scorecard OpenSSF Best Practices Artifact Hub

A Kubernetes mutating webhook that makes direct secret injection into Pods possible.

Documentation

The official documentation for the webhook is available at https://bank-vaults.dev.

Development

For an optimal developer experience, it is recommended to install Nix and direnv.

Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.

Make sure Docker is installed with Compose and Buildx.

Fetch required tools:

make deps

Run project dependencies:

make up

Run the webhook:

make -j run forward

Run the test suite:

make test
make test-e2e-local

Run linters:

make lint # pass -j option to run them in parallel

Some linter violations can automatically be fixed:

make fmt

Build artifacts locally:

make artifacts

Once you are done, you can tear down project dependencies:

make down

Running e2e tests

The project comes with an e2e test suite that is mostly self-contained, but at the very least, you need Docker installed.

By default, the suite launches a KinD cluster, deploys all necessary components and runs the test suite. This is a good option if you want to run the test suite to make sure everything works. This is also how the CI runs the test suite (with a few minor differences).

You can run the test suite by running the following commands:

make test-e2e-local

Another way to run the test suite is using an existing cluster. This may be a better option if you want to debug tests or figure out why something isn't working.

Set up a Kubernetes cluster of your liking. For example, launch a KinD cluster:

kind create cluster

Deploy the necessary components (including the webhook itself):

garden deploy

Run the test suite:

make BOOTSTRAP=false test-e2e

License

The project is licensed under the Apache 2.0 License.

About

A Kubernetes mutating webhook that makes direct secret injection into Pods possible.

Topics

vault kubernetes-webhook

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

12 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases 2

v0.2.0 Latest
Sep 25, 2024
+ 1 release

Packages

 
 
 

Contributors 5

Languages