/jx-secret

a binary plugin for working with Kubernetes External Secrets

Primary LanguageGoApache License 2.0Apache-2.0

jx-secret

Documentation Go Report Card Releases LICENSE Slack Status

jx-secret is a small command line tool working with Kubernetes External Secrets.

You can find more about how we use the jx-secret binary binary inside Jenkins X in the guide on working with Secrets

Getting Started

Download the jx-secret binary for your operating system and add it to your $PATH.

See the jx-secret command reference for the available commands

Schema

To improve the UX around editing Secrets via jx secret edit or populating initial or generated secrets on first install via jx secret populate we use a Schema definition (similar to JSON Schema) which allows you to provide better validation and configuration for default values and the generator to be used.

For details of the schema configuration see Schema.

Secret Schema detection

The schema files are usually detected for charts via the version stream at versionStream/charts/$repoName/$chartName/secret-schema.yaml

If you are adding your own charts and want your own secret schemas outside of the version stream then you can place them at: charts/$repoName/$chartName/secret-schema.yaml.

Though we would welcome contributions to the version stream so that we can add common secret schemas for popular helm charts so that they just work OOTB with external secrets.

Mappings

When using the jx-secret convert command to generate ExternalSecret CRDs you may wish to use a custom mapping of Secret names and data keys to key/properties in Vault.

To do this just create a .jx/secret/mapping/secret-mapping.yaml file in your directory tree when running the command.

You can then customise the key and/or property values that are used in the generated ExternalSecret CRDs

For more details see the Mapping Configuration Reference

Reference Guides

Commands

See the jx-secret command reference

Configuration

The configuration file formats and schema references are here: