A kustomize plugin that is able to generate secrets by extracting them from pass or replace placeholders in other manifests from pass.
kustomize currently recently had an issue regarding the execution of krm functions (this plugin is one) which prevents the execution of this plugin under some circumstances. The issue has been resolved in kustomize v5.0.0. See kustomize PR #4654 for more details.
For installation, this package depends on gpgme-rs which requires the gpgme library and its development files (e.g., headers, gpgme-config) to be installed during the build process. You should install these using your operating systems package manager.
Afterwards, you can install the package either using one of the provided binaries from the releases page or compile and install it yourself by running
cargo install kustomize-passOnce kustomize-pass is installed, you can use the generator by providing kustomize with the following example resource manifests.
A detailed description of the supported input manifest is provided in openapi format in the schema.openapi.yaml. It can also be generated and printed on-demand by the application.
# generator.yml
apiVersion: ftsell.de/v1beta1
kind: PassSecret
metadata:
name: example-secret
annotations:
config.kubernetes.io/function: |
exec:
path: kustomize-pass
behavior: create # can be create, merge or replace
source: # can also be unspecified to use the store at ~/.password-store
url: https://github.com/example-user/example-repo.git
data:
example-key: example-pass-name# kustomization.yml
apiVersion: kustomize.config.k8s.io/v1beta1
generators:
- generator.ymlWhen running the shown example and if you have a password named example-pass-name in your password store, the following
resulting resource will be produced:
apiVersion: v1
kind: Secret
metadata:
name: example-secret
data:
example-key: foobar123