trousseau

module

v1.1.3 Latest Latest Go to latest Published: Jun 8, 2022 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ondat/trousseau

Links

Open Source Insights

README ¶

Please note: We take security and users' trust seriously. If you believe you have found a security issue in Trousseau, please responsibly disclose by following the security policy.

This is the home of Trousseau, an open-source project leveraging the Kubernetes KMS provider framework to connect with Key Management Services the Kubernetes native way!

Website: https://trousseau.io
Announcement & Forum: GitHub Discussions
Documentation: GitHub Wiki
Hands-on lab: Tutorial
Recording of the hands-on lab: DoK London Meetup

Why Trousseau

Kubernetes platform users are all facing the very same question: how to handle Secrets?

While there are significant efforts to improve Kubernetes component layers, the state of Secret Management is not receiving much interests. Using etcd to store API object definition & states, Kubernetes secrets are encoded in base64 and shipped into the key value store database. Even if the filesystems on which etcd runs are encrypted, the secrets are still not.

Instead of leveraging the native Kubernetes way to manage secrets, commercial and open source solutions solve this design flaw by leveraging different approaches all using different toolsets or practices. This leads to training and maintaining niche skills and tools increasing cost and complexity of Kubernetes.

Once deployed, Trousseau will enable seamless secret management using the native Kubernetes API and kubectl CLI usage while leveraging an existing Key Management Service (KMS) provider.

How? By using using the Kubernetes KMS provider framework to provide an envelop encryption scheme to encrypt secrets on the fly.

About the name

The name trousseau comes from the French language and is usually associated with keys like in trousseau de clés meaning keyring.

Contributing Guidelines

We love your input! We want to make contributing to this project as easy and transparent as possible. You can find the full guidelines here.

Community

Please reach out for any questions or issues via our Github Discussions.

Alternatively you can:

Raise an issue or PR on this repo
Follow us on Twitter @ondat_io

Roadmap

You can view our project board here.

License

Trousseau is under the Apache 2.0 license. See LICENSE file for details.

Directories ¶

Path	Synopsis
cmd
kubernetes-kms-vault
internal
config
encrypt
logger
metrics
server
utils
version
providers
awskms Module
azurekms Module
debug Module
vault Module
proxy module
trousseau module

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL