Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Generate secrets from templating #264

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

motoki317
Copy link

@motoki317 motoki317 commented Oct 20, 2024

Hello ksops team!

This is a (non-breaking) feature pull request to add one advanced feature to the ksops plugin.

I have added usage and usecases to README.md, but in short, this feature allows you to use golang text/template to template a secret from variables read via sops.
Please feel free to correct my English in README if anything feels unnatural, because I am not a native English speaker.

My particular usecases include: templating a Gitea app.ini config file.
The app.ini is large, and has quite a few fields and a number of secret fields I would like to mask in a git repository.
(Since .ini is supported by sops, I guess technically I could use unencrypted_regex to filter out fields in .sops.yaml, but that would get the config file too cluttered. I would personally rather use this templating feature implemented in this PR.)

I have uploaded a built docker image of this PR to ghcr.io/motoki317/ksops so I can try it out in my environment.
You can view my refactor commits using this feature from the following links:
motoki317/manifest@533de9f
motoki317/manifest@570a8f3

I should also note that this was partially inspired by external-secret's advanced templating feature.
https://external-secrets.io/latest/guides/templating/

Thank you in advance!

@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. kind:enhancement New feature or request labels Oct 20, 2024
@motoki317 motoki317 changed the title fear: Generate secrets from templating feat: Generate secrets from templating Oct 20, 2024
@motoki317
Copy link
Author

@devstein Hi! Would you mind taking a look at this?

@devstein
Copy link
Collaborator

Hey @motoki317 thanks for the contribution! I'll take a look this weekend.

I generally want to keep KSOPS lean and simply a wrapper around kustomize and SOPS, but think this could makes sense.

@motoki317
Copy link
Author

@devstein Any updates? :)
No rush, but I think it would be cool if ksops supported this advanced feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind:enhancement New feature or request size:L This PR changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants