A helper tool for file encryption in Git repositories primarily aimed at encrypting Kubernetes secrets and other sensitive information to be later used in a CI/CD pipeline
Project description
Krypt: GitOps-friendly Secret Management for Kubernetes Clusters
Krypt is a tool designed to streamline secret management within Kubernetes cluster (and pretty much any other) configurations, particularly suited for GitOps workflows. It enables users to securely seal and unseal secrets within cluster configuration folders, ensuring sensitive information remains protected both in transit and at rest.
Getting Started
To begin using Krypt, follow these simple steps:
-
Initialization: Initialize the cluster directory using the
krypt initcommand. Provide a passphrase for encryption and specify the path to the cluster directory.krypt init --passphrase PASSPHRASE /path/to/cluster
-
Sealing Secrets: Seal the secrets within the cluster directory using the
krypt sealcommand.krypt seal /path/to/cluster
-
Commit and Push: Once sealed, commit the changes to your Git repository and push them upstream. This ensures that the encrypted secrets are securely stored and version controlled.
-
CI/CD Integration: In your CI/CD pipeline, use the
krypt unsealcommand to unseal the secrets before applying manifests onto the cluster. Pass the passphrase for decryption and specify the path to the cluster directory.krypt unseal --passphrase PASSPHRASE /path/to/cluster
Usage Guidelines
-
Only files with
.kpt.in the name or those ending with.kptare sealed by Krypt. Other files within the cluster directory remain stored in plaintext. This ensures that only intended secrets are encrypted while maintaining transparency for other configuration files. -
Krypt automatically adds files with
.kpt.in the name or those ending with.kptto .gitignore to ensure that plaintext secrets are not being committed to the repository. -
It's essential to securely manage and store the passphrase used for sealing and unsealing secrets. Consider using secure key management practices to protect this passphrase.
Contributing
Contributions to Krypt are welcome! Feel free to open issues for bug reports, feature requests, or any questions you may have. Pull requests are also encouraged for those who would like to contribute directly to the project's development.
License
Krypt is licensed under the GPLv3 License, allowing for both personal and commercial use with proper attribution. Refer to the license file for detailed information.
Acknowledgments
Krypt was inspired by the need for a secure and streamlined approach to managing secrets within Kubernetes clusters, particularly in GitOps workflows. We extend our gratitude to the open-source community for their contributions and support.
Krypt - Secure Secret Management for Kubernetes Clusters
For more information, visit Krypt on GitHub
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
