From 59fbbfcfe0ea50266612d68236c8466cfea50416 Mon Sep 17 00:00:00 2001 From: Marcus Noble Date: Sat, 25 Apr 2020 19:03:59 +0100 Subject: [PATCH] Updated readme --- .dockerignore | 1 + Makefile | 2 +- README.md | 45 +++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 45 insertions(+), 3 deletions(-) diff --git a/.dockerignore b/.dockerignore index 3f0e80a..4e2cafb 100644 --- a/.dockerignore +++ b/.dockerignore @@ -17,3 +17,4 @@ lerna-debug.log* *.code-workspace .history/ Dockerfile +manifests diff --git a/Makefile b/Makefile index ddb5cac..a6d3a9c 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ .DEFAULT_GOAL := default -IMAGE ?= docker.cloud.cluster.fun/private/kube-1password-secrets:latest +IMAGE ?= docker.cloud.cluster.fun/averagemarcus/kube-1password-secrets:latest .PHONY: test # Run all tests, linting and format checks test: lint check-format run-tests diff --git a/README.md b/README.md index cec727b..e8b7749 100644 --- a/README.md +++ b/README.md 
@@ -1,15 +1,54 @@ # kube-1password-secrets -Sync secrets from a 1Password vault into Kubernetes secrets +Sync secrets from a 1Password vault into Kubernetes secrets. + +> **Note:** This should not be considered production grade. It is built on top of the 1Password CLI client which could stop working without warning due to changes made by 1Password. ## Features +* Sync data from items stored in 1Password to Secret resources within Kubernetes +* Rename fields when storing the data in the Kubernetes secret + ## Install -```sh +1. Create an environment variable with your 1Password credentials: + ```sh + cp ./manifests/example.env ./manifests/.env + ``` + +1. Deploy to Kubernetes + + ```sh + make release + ``` + +## Usage + +1Password secrets are configured using annotation on Secret resources in Kubernetes. + +The only required value is the ID of the secret in 1Password. You can get this by looking at the URL when viewing the secret in 1Password, e.g. + +> my.1password.com/vaults/123456789qwertyuiop/allitems/**123456example7890** + +Example: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: example-secret + annotations: + kube-1password: 123456example7890 # [Required] This is the ID of the item within 1Password + kube-1password/vault: Kubernetes # The name of the Vault + kube-1password/username-key: "user" # The key the username should be saved as in the Secret resource (default: `username`) + kube-1password/password-key: "pass" # The key the password should be saved as in the Secret resource (default: `password`) + kube-1password/secret-text-key: "note" # The key the secret text should be saved as in the Secret resource (default: `secretText`) +type: Opaque ``` +kube-1password-secrets currently supports *Login*, *Secure Note* and *Password* item types in 1Password. Only the **username**, **password** and **notes** fields are retrieved. + ## Building from source With Docker: 
@@ -26,6 +65,8 @@ make build ## Resources +* [1Password CLI client](https://app-updates.agilebits.com/product_history/CLI) + ## Contributing If you find a bug or have an idea for a new feature please [raise an issue](/AverageMarcus/kube-1password-secrets/issues/new) to discuss it.
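Review bot: Nothing in this patch keeps manifests/.env out of git. The `manifests` line added in the .dockerignore hunk only covers the Docker build context, while the README hunk in the same commit tells users to put their 1Password credentials in ./manifests/.env. If that path is not already listed in .gitignore, add it in this commit so the credentials file cannot be committed by accident.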
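Review bot: The default IMAGE in the Makefile hunk still ends in `:latest` after the move from private/ to averagemarcus/, so any target that uses it pulls or pushes whatever was last published under a mutable tag. For a workload that is handed 1Password credentials, default to a version tag or digest and let callers override IMAGE. The subject line "Updated readme" also does not mention this registry path change or the .dockerignore change; note both in the commit message.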
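Review bot: Install step 1 in the first README hunk says "Create an environment variable with your 1Password credentials", but the command only copies ./manifests/example.env to ./manifests/.env and never tells the reader to edit the copy or which values it expects. Reword the step to describe creating the file, add an explicit edit step, and list the required variables. In the Usage section, "using annotation" should read "using annotations", and the closing paragraph says the **notes** field is retrieved while the annotation is `kube-1password/secret-text-key` with default `secretText`; pick one term for that field and use it in both places.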