This module creates a Kubernetes secrets using a SOPS-encrypted file as a source for the .data portion of a Kubernetes secret.
If you want to create this Kubernetes secret:
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: test
data:
username: VVNFUk5BTUUK
password: UEFTU1dPUkQKthe secret SOPS file should be like:
---
username: USERNAME
password: PASSWORDand encrypted with SOPS:
$ sops --encrypt --kms arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e secrets.yamlnamespaces = ["staging", "production"]
name = "supersecret"
annotations = {
all = {
"this-annotation" = "applies to all namespaces"
}
production = {
"this-annotation" = "only applies to production namespace"
}
}| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
| kubernetes | >= 2.0 |
| sops | >= 0.6.3 |
| Name | Version |
|---|---|
| kubernetes | >= 2.0 |
| sops | >= 0.6.3 |
No modules.
| Name | Type |
|---|---|
| kubernetes_secret.secret | resource |
| sops_file.secret | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| annotations | Annotations for the secret | map(map(string)) |
{ |
no |
| file | Name of the encrypted file | string |
n/a | yes |
| labels | Labels for the secret | map(map(string)) |
{ |
no |
| name | Name of the secret | string |
n/a | yes |
| namespaces | Namespace to create the secret | set(string) |
[ |
no |
| type | Kubernetes type of secret | string |
"Opaque" |
no |
| Name | Description |
|---|---|
| keys | List of keys for the Kubernetes secret |
| name | Secret's name |
| namespaces | Secret's namespaces |