cmd

package

v0.0.0-...-c2f8fcc Latest Latest Go to latest Published: Jan 14, 2021 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/innovia/secrets-consumer-env

Links

Open Source Insights

Documentation ¶

Overview ¶

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	GCPBackendProjectID string
)

secretConfigs in JSON strings format

View Source

var RootCmd = &cobra.Command{
	Use:   "secrets-consumer-env",
	Short: "Consume secrets from AWS, GCP or Hashicorp Vault",
	Long: `There are a few secret managers that holds secrets, the problem becomes how to consume these secrets
securely.

The Secrets Consumer Env creates a new shell environment, and fetch the secrets from the secret engine
adding them to the environment variables on the new shell and then calling the` + " `syscall.execv` " + `which will
replace the running process with the given process, that given process will inherit all environment variables.

In the world of containers, its important that the process running in it should get the PID 1 so
that a sig TERM will work properly.

will have access to the env vars, the operating system / docker container will not have any of the
secrets exposed.

This tool can either run as a standalone outside of kubernetes or using the Kubernetes mutation webhook.

This tool works with the following secrets managers:

* GCP Secret Manager
* AWS Secret Manager
* Hashicorp Vault
  * Kubernetes backend login (Default)
  * GCP backend login

### CLI Commands

* ` + "`aws` " + ` - enable the AWS Secret Manager
* ` + "`gcp` " + ` - enable the GCP Secret Manager
* ` + "`vault` " + ` - enable the Vault Secret Manager

**Note: The double dash symbol “–-” is used to separate the arguments you want to pass to the command from the secrets-consumer-env arguments.**

**Important: Do not use double-quotes for your command as it will first be evaluated by your shell and not by the secrets-consumer-env.**`,
}

RootCmd represents the base command when called without any subcommands

Functions ¶

func Execute ¶

func Execute()

Execute adds all child commands to the root command and sets flags appropriately. This is called by main.main(). It only needs to happen once to the RootCmd.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL