Skip to content
/ secret-init Public

Minimalistic init system for containers injecting secrets from various secret stores

License

Apache-2.0 license
4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bank-vaults/secret-init

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

198 Commits

.github

.github

 
 

e2e

e2e

 
 

examples

examples

 
 

pkg

pkg

 
 

.dockerignore

.dockerignore

 
 

.editorconfig

.editorconfig

 
 

.envrc

.envrc

 
 

.gitignore

.gitignore

 
 

.golangci.yaml

.golangci.yaml

 
 

.goreleaser.yaml

.goreleaser.yaml

 
 

.hadolint.yaml

.hadolint.yaml

 
 

.licensei.toml

.licensei.toml

 
 

.yamlignore

.yamlignore

 
 

.yamllint.yaml

.yamllint.yaml

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

NOTICE

NOTICE

 
 

README.md

README.md

 
 

args.go

args.go

 
 

args_test.go

args_test.go

 
 

docker-compose.yaml

docker-compose.yaml

 
 

env_store.go

env_store.go

 
 

env_store_test.go

env_store_test.go

 
 

flake.lock

flake.lock

 
 

flake.nix

flake.nix

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

secret-init

GitHub Workflow Status OpenSSF Scorecard

Minimalistic init system for containers injecting secrets from various secret stores.

Features

  • Multi-provider support - Automatically deduces and initializes required secret providers from environment variable references.
  • Async loading - Secrets are loaded asynchronously to improve speed.
  • Renew secrets - Use daemon mode to renew secrets in the background.
Supported Providers Stability
Local provider ✅ Production Ready
HashiCorp Vault ✅ Production Ready
OpenBao 🟡 Beta
AWS Secrets Manager / AWS Systems Manager Parameter Store ✅ Production Ready
Google Cloud Secret Manager ✅ Production Ready
Azure Key Vault ✅ Production Ready

Getting started

  • secret-init is designed for use with the Kubernetes mutating webhook. It can also function as a standalone tool.
  • Take a look at some of the examples that showcase the use of secret-init.

Development

For an optimal developer experience, it is recommended to install Nix and direnv.

Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.

Make sure Docker is installed with Compose and Buildx.

Run project dependencies:

make up

Build a binary:

make build

Run the test suite:

make test
make test-e2e

Run linters:

make lint # pass -j option to run them in parallel

Some linter violations can automatically be fixed:

make fmt

Build artifacts locally:

make artifacts

Once you are done either stop or tear down dependencies:

make stop

# OR

make down

License

The project is licensed under the Apache 2.0 License.

About

Minimalistic init system for containers injecting secrets from various secret stores

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

4 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases 1

v0.1.0 Latest
Feb 23, 2024

Packages 1

 

Contributors 6

Languages