From 3b43491d21ed51c4fcee365f7fd3ea43e65cb63d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reinhard=20N=C3=A4gele?=
Date: Fri, 5 Jun 2020 12:22:56 +0200
Subject: [PATCH] Update readme
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Reinhard Nägele
---
 README.md | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 52 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index ca2221f..8597135 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,56 @@ A Kubernetes operator for [Mozilla SOPS](https://github.com/mozilla/sops). ----- +## Overview -work in progress... +Put SOPS-encrypted data into a `SopsSecret` which can then be committed to a Git repository. +Once deployed on a Kubernetes cluster, the SOPS Operator will decrypt the data and create a standard Kubernetes `Secret` from it. + +*Example for a SopsSecret:* + +```yaml +apiVersion: craftypath.github.io/v1alpha1 +kind: SopsSecret +metadata: + name: test-secret +spec: + stringData: + test.yaml: | + test: ENC[AES256_GCM,data:xo8jZTsQ,iv:DTouw1kgBLok6BbR5vx8366fFavV70QeCWGNQPhNb9s=,tag:RAjeoNhvGUezdOS4YOorfA==,type:str] + sops: + kms: [] + gcp_kms: [] + azure_kv: + - vault_url: https://myakskeyvault12345567.vault.azure.net + name: sops + version: 08faa451b1d04b8bacec0395fc8539f1 + created_at: '2020-05-01T19:42:49Z' + enc: DvZNm3tfyoyWibQcVPts9ODRPs3aaHbRaXOPIx1Ukypa2nPmU4RCTchBPUoqscIxDjKpSy9k6A_dfE8XAu8-XrEyuOGCEy-i6Q1OtZSGW1XnWfWXPic5TF7XCVz_08h1My1RzVUr51PPNX9uazCqQeUTfBx05KC1bT3entgfttHp-98uZkZNaI8IUUnPGCH8bZzthsXRSvRQpbZcNoOW3y04pLAVYN3xVSOdDWQSElmntg_t7eVdCsmj4iXrC-J80VPU6BoZetcsQhOLjAhXHEYMOP7fqjd2bXob59Ad8rblUDwwtcZrku5lF_LVvAKGBURxockQXmEuVAjqha1SyA + lastmodified: '2020-05-01T19:42:50Z' + mac: ENC[AES256_GCM,data:L4YfHJ59L+/YFMTizeSmEz3QiFbNYoRBVeAJNbHOCUU0W7Iv/WfGnZuNnG5c3gOELYafc812CxCFHYwoLK0bLxOd+KHwGp5IBZ7zqrg91e04V/7Tc3iEYCE3YuTQZ56XMeSSKsct7HT7jxzmVMjW0ozJ06vzQCEC/Ljsl2NfFNs=,iv:RiBXtk6Gpc/MZvDRaGKlvA8A0K7E7bGdhs8tVa6LL5w=,tag:hwnh954tiRC/VBp6LQ6nPg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.5.0 +``` + +*Here's the Secret that's created from it:* + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: test-secret +data: + test.yaml: dGVzdDogdGVzdHZhbHVlCg== +``` + +## Installation + +A Helm chart is available in our charts repo at https://github.com/craftypath/helm-charts. 
+
+```console
+helm repo add craftypath https://craftypath.github.io/helm-charts
+helm install craftypath/sops-operator
+```
+
+Check out the chart's documentation for configuration options.