Define secrets as part of your configuration and have them resolved by cue.
//////////////////////////
// Example basic schema
//////////////////////////
EvaluableSecret:: {
name: string
type?: string
values: [string]: string | [string, ...string]
}
Secret:: {
apiVersion: "v1"
kind: "Secret"
metadata: name: string
data: [string]: string
type: string | *"Opaque"
}
//////////////////////////
// Example data
//////////////////////////
evaluableSecrets: [...EvaluableSecret]
evaluableSecrets: [
{
name: "k8s-secret-1"
values: "hello": "echo world"
values: "some-other-secret": "printf test"
},
{
name: "k8s-docker-config"
type: "kubernetes.io/dockerconfigjson"
values: ".dockerconfigjson": ["sh", "-c", "printf test | base64 -w0 | base64 -d"]
}
]
The configuration above yields the NDJSON below upon running cue getsecrets.
{
"type": "kubernetes.io/dockerconfigjson",
"apiVersion": "v1",
"kind": "Secret",
"metadata": {
"name": "k8s-docker-config"
},
"data": {
".dockerconfigjson": "test"
}
}
{
"type": "Opaque",
"apiVersion": "v1",
"kind": "Secret",
"metadata": {
"name": "k8s-secret-1"
},
"data": {
"hello": "world\n",
"some-other-secret": "test"
}
}