SecretHub lets you easily manage your GitHub secrets from the command line, with support for bulk operations and organization secrets.
With Ruby:
$ gem install secret_hub
Or with Docker:
$ alias secrethub='docker run --rm -it -e GITHUB_ACCESS_TOKEN -v "$PWD:/app" dannyben/secrethub'
SecretHub is a wrapper around the GitHub Secrets API. To use it, you need to set up your environment with a GitHub Access Token:
$ export GITHUB_ACCESS_TOKEN=<your access token>
Give your token the repo scope, and for organization secrets, the admin:org scope.
SecretHub has three families of commands:
secrethub repo - manage repository secrets.
secrethub org - manage organization secrets.
secrethub bulk - manage multiple secrets in multiple repositories using a config file.
$ secrethub
GitHub Secret Manager
Commands:
repo Manage repository secrets
org Manage organization secrets
bulk Manage multiple secrets in multiple repositories
Run secrethub COMMAND --help for command specific help
$ secrethub repo
Usage:
secrethub repo list REPO
secrethub repo save REPO KEY [VALUE]
secrethub repo delete REPO KEY
secrethub repo (-h|--help)
$ secrethub org
Usage:
secrethub org list ORG
secrethub org save ORG KEY [VALUE]
secrethub org delete ORG KEY
secrethub org (-h|--help)
$ secrethub bulk
Usage:
secrethub bulk init [CONFIG]
secrethub bulk show [CONFIG --visible]
secrethub bulk list [CONFIG]
secrethub bulk save [CONFIG --clean --dry --only REPO]
secrethub bulk clean [CONFIG --dry]
secrethub bulk (-h|--help)
All the bulk operations use a simple YAML configuration file. The configuration file includes a list of GitHub repositories, each with a list of its secrets.
For example:
# secrethub.yml
user/repo:
- SECRET
- PASSWORD
- SECRET_KEY
user/another-repo:
- SECRET
- SECRET_KEY
Each list of secrets can either be an array, or a hash.
With the array syntax, all secrets must be defined as environment variables.
user/repo:
- SECRET
- PASSWORD
With the hash syntax, each secret may define its value, or leave it blank. When a secret value is blank, it will be loaded from the environment.
user/another-repo:
  SECRET:
  PASSWORD: p4ssw0rd
SecretHub ignores any key that does not look like a repository (does not include a slash /). Using this feature, you can define reusable YAML anchors:
docker: &docker
  DOCKER_USER:
  DOCKER_PASSWORD:
user/repo:
  <<: *docker
  SECRET:
  PASSWORD: p4ssw0rd
Note that YAML anchors only work with the hash syntax.
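The configuration rules above can be checked before running a bulk save. The following Ruby sketch is an added example, not SecretHub's own code: audit_config is a hypothetical helper and the sample config is constructed. It reports, for each secret, whether its value is written inline (and so sits in plaintext in the config file), will be loaded from the environment, or is missing from the environment.

```ruby
require 'yaml'

# Constructed sample, combining the array, hash and anchor forms shown above.
SAMPLE_CONFIG = <<~'YAML'
  docker: &docker
    DOCKER_USER:
    DOCKER_PASSWORD:

  user/repo:
    <<: *docker
    SECRET:
    PASSWORD: p4ssw0rd

  user/another-repo:
  - SECRET
  - SECRET_KEY
YAML

# Hypothetical helper (not part of SecretHub): returns
# { "owner/repo" => { "KEY" => :inline | :env | :missing } }.
def audit_config(yaml_text, env = ENV)
  data = YAML.safe_load(yaml_text, aliases: true) || {}
  data.each_with_object({}) do |(name, secrets), report|
    next unless name.to_s.include?('/') # not a repository, e.g. an anchor holder
    # Array syntax carries no values, so every key must come from the environment.
    secrets = secrets.to_h { |key| [key, nil] } if secrets.is_a?(Array)
    report[name] = (secrets || {}).to_h do |key, value|
      status = if !value.to_s.empty? then :inline # plaintext value stored in the file
               elsif env.key?(key.to_s) then :env
               else :missing
               end
      [key.to_s, status]
    end
  end
end

# Print one line per secret for the constructed sample, using the real environment.
audit_config(SAMPLE_CONFIG).each do |repo, keys|
  keys.each { |key, status| puts format('%-20s %-18s %s', repo, key, status) }
end
```

Keys reported as missing have no value in the file and no matching environment variable; keys reported as inline are candidates for moving into the environment so the config file can be committed without secrets.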
If you experience any issue, have a question or a suggestion, or if you wish to contribute, feel free to open an issue.