CLI tool for performing GitOps operations
The GitOps CLI can handle secrets in a GitOps way, either by injecting them directly as K8s secrets or by sending them to a Vault instance for safekeeping. Either way, the secrets are stored in a Git repository and secured using SOPS.
Secrets can be stored in any directory of your Git repository. The GitOps CLI will pick up any file that ends with *.gitops.secret.enc.yml or *.gitops.secret.enc.yaml. The secret files must be encrypted using SOPS.
NOTE: Secrets MUST NEVER be committed into version control unencrypted.
Therefore, it is very much encouraged to add the following lines to your .gitignore file:

```gitignore
*.secret.yaml
*.secret.yml
*.secret.env
```

Make sure to follow a strict naming convention for your secret files, in order to keep them matching those patterns.
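The .gitignore patterns above only protect files that keep the naming convention. A pre-commit style check can back them up by refusing any secret file that is not actually SOPS-encrypted. The following is an added example, not part of the GitOps CLI or its repository; it assumes the file-name conventions from this README and SOPS' documented YAML output (a top-level `sops:` block with a `mac:` entry, and encrypted scalars written as `ENC[AES256_GCM,...]`). It only inspects the `data:` mapping for plaintext, because whether the metadata fields are encrypted depends on the repository's SOPS configuration. The sample file contents are constructed.

```python
"""Refuse plaintext secret files before they reach version control.

Added example; not part of the GitOps CLI. Assumes the README's file-name
conventions and SOPS' YAML output layout (top-level ``sops:`` block with a
``mac:`` entry, scalars stored as ``ENC[AES256_GCM,...]``).
"""
import re

# Suffixes the GitOps CLI picks up (from the README).
ENCRYPTED_SUFFIXES = (".gitops.secret.enc.yml", ".gitops.secret.enc.yaml")
# Suffix approximation of the README's recommended .gitignore globs.
PLAINTEXT_SUFFIXES = (".secret.yaml", ".secret.yml", ".secret.env")

# Shape of a scalar after SOPS encryption.
_ENC_SCALAR = re.compile(r"^ENC\[AES256_GCM,data:[^\]]*,type:\w+\]$")


def _data_values(content: str) -> list:
    """Return (key, value) pairs nested under the top-level ``data:`` mapping.

    Minimal line-based reader for the flat key/value layout shown in the
    README; it is deliberately not a general YAML parser.
    """
    pairs, in_data = [], False
    for line in content.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # a new top-level key
            in_data = line.rstrip() == "data:"
            continue
        if in_data and ":" in line:
            key, _, value = line.strip().partition(":")
            pairs.append((key.strip(), value.strip()))
    return pairs


def check_secret_file(path: str, content: str) -> list:
    """Return findings for one file; an empty list means it may be committed."""
    findings = []
    if path.endswith(PLAINTEXT_SUFFIXES):
        findings.append("matches a plaintext secret pattern that belongs in .gitignore")
        return findings
    if not path.endswith(ENCRYPTED_SUFFIXES):
        return findings                      # not a secret file the CLI handles
    top_keys = {l.split(":", 1)[0] for l in content.splitlines()
                if l and not l[0].isspace() and ":" in l}
    if "sops" not in top_keys:
        findings.append("no sops metadata block: file was not encrypted with SOPS")
    if not re.search(r"^\s+mac:\s*\S", content, re.M):
        findings.append("sops block has no mac entry")
    for key, value in _data_values(content):
        if not _ENC_SCALAR.match(value):
            findings.append(f"data.{key} is stored in plaintext")
    return findings


def scan(files: dict) -> dict:
    """Map each offending path to its findings (paths without findings are omitted)."""
    return {p: f for p, c in files.items() if (f := check_secret_file(p, c))}


# Constructed sample contents (not real secrets or real SOPS output).
ENCRYPTED_SAMPLE = """\
target: k8s
name: db-credentials
data:
    password: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
sops:
    mac: ENC[AES256_GCM,data:cXV4,iv:YmFy,tag:YmF6,type:str]
"""
PLAINTEXT_SAMPLE = """\
target: k8s
name: db-credentials
data:
    password: not-encrypted
"""

if __name__ == "__main__":
    staged = {
        "apps/db.gitops.secret.enc.yaml": ENCRYPTED_SAMPLE,
        "apps/cache.gitops.secret.enc.yaml": PLAINTEXT_SAMPLE,
        "apps/local.secret.env": "TOKEN=x",
        "README.md": "# docs",
    }
    for path, findings in scan(staged).items():
        print(path)
        for finding in findings:
            print("  -", finding)
```

Wire `check_secret_file` over the staged file list in a pre-commit hook and fail the commit on any finding; the `sops` and `mac` checks catch files that were never encrypted, and the `data` check catches the case where someone decrypted in place and forgot to re-encrypt.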
The secret files must follow one of the following formats:

Case 1: Secret for Vault

```yaml
# target of the secret
target: vault
# name of the secret - will be used as path in vault
name: /my/secret/name
# data of the secret as kv pairs
data:
  key: value
```

Case 2: Secret for K8s
```yaml
# target of the secret
target: k8s
# name of the secret
name: my-secret-name
# optional namespace of the secret (default: default)
namespace: my-namespace
# type of the secret (default: Opaque)
type: Opaque
# data of the secret as kv pairs
data:
  key: value
```

To ensure compatibility with both K8s and Vault, the following rules apply:
If the name is not given in the file, it will be inferred from the filename by removing the extension .gitops.secret.enc.y[a]ml:

```yaml
# my-secret-name.gitops.secret.enc.yaml
# will be applied as
name: my-secret-name
```

This implies that the filename must be a valid K8s secret name.
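To make the two formats and the name-inference rule concrete, here is an added example of a validator that applies them to an already-decrypted secret document. It is not the GitOps CLI's own code: it takes the decrypted YAML as a Python dict (SOPS decryption and YAML loading are out of scope), and it assumes that "valid K8s secret name" means an RFC 1123 DNS subdomain, which is what Kubernetes enforces for Secret objects. The function and dataclass names are this example's own.

```python
"""Validate a decrypted GitOps secret definition and infer its name.

Added example, not the GitOps CLI's own code. Rules taken from the README:
target is ``vault`` or ``k8s``; a missing name is inferred from the file name
minus ``.gitops.secret.enc.y[a]ml``; k8s secrets default to namespace
``default`` and type ``Opaque``; an inferred name must be a valid K8s secret
name (assumed here: RFC 1123 DNS subdomain, as Kubernetes requires).
"""
import re
from dataclasses import dataclass
from os.path import basename
from typing import Optional

SUFFIXES = (".gitops.secret.enc.yaml", ".gitops.secret.enc.yml")

# RFC 1123 subdomain: lowercase alphanumerics, '-' and '.', at most 253 chars,
# every dot-separated label starting and ending with an alphanumeric.
_DNS_LABEL = r"[a-z0-9]([-a-z0-9]*[a-z0-9])?"
_K8S_NAME = re.compile(rf"^{_DNS_LABEL}(\.{_DNS_LABEL})*$")


@dataclass
class SecretSpec:
    target: str
    name: str
    data: dict
    namespace: Optional[str] = None   # k8s only
    type: Optional[str] = None        # k8s only


def infer_name(filename: str) -> str:
    """Strip the .gitops.secret.enc.y[a]ml extension, as the README describes."""
    base = basename(filename)
    for suffix in SUFFIXES:
        if base.endswith(suffix):
            return base[: -len(suffix)]
    raise ValueError(f"{filename!r} is not a *.gitops.secret.enc.y[a]ml file")


def is_k8s_name(name: str) -> bool:
    return len(name) <= 253 and bool(_K8S_NAME.match(name))


def load_secret(filename: str, doc: dict) -> SecretSpec:
    """Turn a decrypted secret document into a validated SecretSpec."""
    target = doc.get("target")
    if target not in ("vault", "k8s"):
        raise ValueError(f"target must be 'vault' or 'k8s', got {target!r}")
    data = doc.get("data")
    if not isinstance(data, dict) or not data:
        raise ValueError("data must be a non-empty mapping of key/value pairs")

    name = doc.get("name")
    inferred = name is None
    if inferred:
        name = infer_name(filename)
    # Inferred names must work for both targets, so the filename has to be a
    # valid K8s secret name; an explicit k8s name is checked as well.
    if (inferred or target == "k8s") and not is_k8s_name(name):
        raise ValueError(f"{name!r} is not a valid K8s secret name "
                         "(lowercase alphanumerics, '-' and '.' only)")

    if target == "k8s":
        return SecretSpec(target, name, dict(data),
                          namespace=doc.get("namespace", "default"),
                          type=doc.get("type", "Opaque"))
    return SecretSpec(target, name, dict(data))   # vault: name is the path


def validation_error(filename: str, doc: dict) -> Optional[str]:
    """Return the validation message for a document, or None if it is valid."""
    try:
        load_secret(filename, doc)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample documents, as they would look after SOPS decryption.
    print(load_secret("deploy/my-secret-name.gitops.secret.enc.yaml",
                      {"target": "k8s", "data": {"key": "value"}}))
    print(load_secret("deploy/x.gitops.secret.enc.yaml",
                      {"target": "vault", "name": "/my/secret/name",
                       "data": {"key": "value"}}))
    print(validation_error("deploy/My_Secret.gitops.secret.enc.yaml",
                           {"target": "k8s", "data": {"key": "value"}}))
```

The only judgement call beyond the README is applying the K8s name check to an inferred name even for Vault targets, which follows from the README's statement that the filename must be a valid K8s secret name.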
Please make sure to follow conventional commits when committing to this repository.
To make one's life easier, a pre-commit config is provided that can be installed with the following command:

```shell
pre-commit install --hook-type commit-msg
```