Skip to content

mshytikov/kms-secrets

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Secrets KMS

Uses Google KMS to encrypt values in YAML/JSON/Text files to be able to store them in Git.

Requirements:

  • docker

You can use plain ruby version. But recommended way is to run it via docker.

Setup:

Make sure you have enough permissions within your Google project in order to to work with KMS. Acquire new user credentials to use for Application Default Credentials

gcloud auth application-default login

Make sure that you have ~/bin in your PATH. Download shortcut to run docker container

curl -L https://raw.githubusercontent.com/Bidmath/kms-secrets/v0.1.0/bin/kms-secrets \
  -o ~/bin/kms-secrets
chmod +x  ~/bin/kms-secrets

Make sure that you understand the content of ~/bin/kms-secrets

Usage:

To encrypt for the first time:

kms-secrets encrypt \
  --project=my-project \
  --key_ring=my-keyring \
  --key_name=my-key \
  path/to/src/config-unencrypted.yaml
  path/to/dest/config-encrypted.yaml

To edit encrypted file (in VIM):

kms-secrets edit path/to/config-encrypted.yaml

To view (in less):

kms-secrets view path/to/config-encrypted.yaml

To decrypt:

kms-secrets decrypt \
  path/to/src/config-encrypted.yaml
  path/to/dest/config-unencrypted.yaml

Decrypting is skipped if checksum of target (unencrypted) file matches one stored in metadata of encrypted. It also validates checksums after decrypting (if one took place)

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Ruby 98.0%
  • Shell 2.0%