Open Just-Insane opened 5 years ago
I have added basic support for HashiCorp Vault with this commit https://github.com/Just-Insane/helm-secrets/commit/bbd02c1403bed8c4d5426e09a938b232ab2d2c14.
helm secrets clean
appears to be broken, though it is unmodifiedhelm secrets enc values.yaml
helm secrets dec values.yaml
rm values.yaml.dec
If you have any questions or run into issues, open an issue at Just-Insane/helm-secrets or futuresimple/helm-secrets and @Just-Insane
If you would like to suggest a new feature, open an issue at Just-Insane/helm-secrets or futuresimple/helm-secrets and @Just-Insane
I ran into some issues with the function that pulls the values from Vault and puts them back into the "decrypted" file.
It is possible I could go through each key as it's found and perform the enc/dec operations per instance (see dict_walker() in Helm-Vault).
If anyone has a better thought on how to get the values from Vault into the decrypted file, I am all ears.
Due to this issue, I have been working on Helm-Vault, which has been re-written in Python with a proper YAML parser. So far this project has matched all of the features except those that use the Helm Wrapper function (install, upgrade, lint, diff), however this is in progress.
I am working on adding support for HashiCorp Vault into helm-secrets.
Main issues I have right now are that i have had to re-write the yaml parsing logic from SOPS in bash, as well as extend the encrypt/decrypt/edit options, since I am not using SOPS.
So far I have the encryption option mostly working and I can upload user inputed variables to Vault, and I am working on the decryption option.
Current issues include issues with sanitizing user input for special characters, and some hard coded values used to parse the given values.yaml file for what to store in Vault.
I plan on uploading some work in progress code later tonight.