kubekrypt 2.0.0 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/Gemfile.lock +8 -8
- data/README.md +4 -4
- data/kubekrypt.gemspec +1 -1
- data/lib/kubekrypt/cli.rb +5 -1
- data/lib/kubekrypt/version.rb +1 -1
- data/lib/kubekrypt.rb +1 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7ee41bf27949d30c248edf9265aaf3e07b69a2b0e97a3628762c565d307178af
|
|
4
|
+
data.tar.gz: 4ca26491253fdbdc5c8a2725f4b32485173641b6831480ae9c8a930b56667361
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 36b12a1abfef9e3b162b4e9a0444d215857754c92dd6782a5f5e7e2b10640d62c45b7470a402697808149e1fd1eef550c14de39053e7bd5c893d638f6867c81d
|
|
7
|
+
data.tar.gz: 367197f8594c08546e51fc551031bd038acab8c21e392e1ed1f1ecf48ce2da5c6dfb19e1ce1d86de99edce091ab66ebdf32c8e1a8733d68de63266668b0d01f1
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
kubekrypt (2.0.
|
|
4
|
+
kubekrypt (2.0.1)
|
|
5
5
|
google-cloud-kms
|
|
6
6
|
thor (~> 1.0)
|
|
7
7
|
yaml
|
|
@@ -11,7 +11,7 @@ GEM
|
|
|
11
11
|
specs:
|
|
12
12
|
addressable (2.8.7)
|
|
13
13
|
public_suffix (>= 2.0.2, < 7.0)
|
|
14
|
-
ast (2.4.
|
|
14
|
+
ast (2.4.3)
|
|
15
15
|
base64 (0.2.0)
|
|
16
16
|
bigdecimal (3.1.9)
|
|
17
17
|
coderay (1.1.3)
|
|
@@ -61,11 +61,11 @@ GEM
|
|
|
61
61
|
google-protobuf (4.30.1)
|
|
62
62
|
bigdecimal
|
|
63
63
|
rake (>= 13)
|
|
64
|
-
googleapis-common-protos (1.
|
|
64
|
+
googleapis-common-protos (1.7.0)
|
|
65
65
|
google-protobuf (>= 3.18, < 5.a)
|
|
66
66
|
googleapis-common-protos-types (~> 1.7)
|
|
67
67
|
grpc (~> 1.41)
|
|
68
|
-
googleapis-common-protos-types (1.
|
|
68
|
+
googleapis-common-protos-types (1.19.0)
|
|
69
69
|
google-protobuf (>= 3.18, < 5.a)
|
|
70
70
|
googleauth (1.14.0)
|
|
71
71
|
faraday (>= 1.0, < 3.a)
|
|
@@ -78,7 +78,7 @@ GEM
|
|
|
78
78
|
grpc (1.71.0)
|
|
79
79
|
google-protobuf (>= 3.25, < 5.0)
|
|
80
80
|
googleapis-common-protos-types (~> 1.0)
|
|
81
|
-
grpc-google-iam-v1 (1.
|
|
81
|
+
grpc-google-iam-v1 (1.10.0)
|
|
82
82
|
google-protobuf (>= 3.18, < 5.a)
|
|
83
83
|
googleapis-common-protos (~> 1.4)
|
|
84
84
|
grpc (~> 1.41)
|
|
@@ -99,7 +99,7 @@ GEM
|
|
|
99
99
|
uri
|
|
100
100
|
os (1.1.4)
|
|
101
101
|
parallel (1.26.3)
|
|
102
|
-
parser (3.3.7.
|
|
102
|
+
parser (3.3.7.2)
|
|
103
103
|
ast (~> 2.4.1)
|
|
104
104
|
racc
|
|
105
105
|
pp (0.6.2)
|
|
@@ -144,8 +144,8 @@ GEM
|
|
|
144
144
|
rubocop-ast (>= 1.38.0, < 2.0)
|
|
145
145
|
ruby-progressbar (~> 1.7)
|
|
146
146
|
unicode-display_width (>= 2.4.0, < 4.0)
|
|
147
|
-
rubocop-ast (1.
|
|
148
|
-
parser (>= 3.3.
|
|
147
|
+
rubocop-ast (1.41.0)
|
|
148
|
+
parser (>= 3.3.7.2)
|
|
149
149
|
rubocop-rake (0.7.1)
|
|
150
150
|
lint_roller (~> 1.1)
|
|
151
151
|
rubocop (>= 1.72.1)
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
# KubeKrypt
|
|
4
4
|
|
|
5
|
-
A command-line tool for securely encrypting and decrypting Kubernetes Secret manifests using KMS encryption keys.
|
|
5
|
+
A command-line tool for securely encrypting and decrypting Kubernetes Secret manifests using Google Cloud KMS encryption keys.
|
|
6
6
|
|
|
7
7
|
## Overview
|
|
8
8
|
|
|
@@ -10,7 +10,7 @@ KubeKrypt provides a simple and secure way to manage sensitive information in Ku
|
|
|
10
10
|
|
|
11
11
|
## Features
|
|
12
12
|
|
|
13
|
-
- **Secure Encryption**: Uses KMS to encrypt sensitive data in Kubernetes Secret manifests
|
|
13
|
+
- **Secure Encryption**: Uses Google Cloud KMS to encrypt sensitive data in Kubernetes Secret manifests
|
|
14
14
|
- **Simple Interface**: Easy-to-use CLI commands for encryption and decryption
|
|
15
15
|
- **Metadata Tracking**: Embeds metadata in encrypted files for tracking and verification
|
|
16
16
|
- **Stdout Integration**: Outputs to standard out for easy piping and redirection
|
|
@@ -57,7 +57,7 @@ kubekrypt version
|
|
|
57
57
|
- Validates that it's a proper Kubernetes Secret
|
|
58
58
|
- Ensures it's not already encrypted
|
|
59
59
|
- Decodes base64 values to get raw data
|
|
60
|
-
- Uses KMS to encrypt sensitive data
|
|
60
|
+
- Uses Google Cloud KMS to encrypt sensitive data
|
|
61
61
|
- Re-encodes with base64 as needed
|
|
62
62
|
- Adds metadata about the encryption
|
|
63
63
|
- Outputs the encrypted YAML
|
|
@@ -70,7 +70,7 @@ kubekrypt version
|
|
|
70
70
|
|
|
71
71
|
## Security
|
|
72
72
|
|
|
73
|
-
KubeKrypt never stores encryption keys locally. All encryption and decryption operations are performed using KMS, ensuring that key material is never exposed.
|
|
73
|
+
KubeKrypt never stores encryption keys locally. All encryption and decryption operations are performed using Google Cloud KMS, ensuring that key material is never exposed.
|
|
74
74
|
|
|
75
75
|
## Requirements
|
|
76
76
|
|
data/kubekrypt.gemspec
CHANGED
|
@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
|
|
|
8
8
|
spec.authors = ['Krzysztof Knapik']
|
|
9
9
|
spec.email = ['knapo@knapo.net']
|
|
10
10
|
|
|
11
|
-
spec.summary = 'KubeKrypt provides seamless encryption and decryption of
|
|
11
|
+
spec.summary = 'KubeKrypt provides seamless encryption and decryption of Kubernetes Secret menifests using Google Cloud KMS'
|
|
12
12
|
spec.homepage = 'https://github.com/knapo/kubekrypt'
|
|
13
13
|
spec.license = 'MIT'
|
|
14
14
|
|
data/lib/kubekrypt/cli.rb
CHANGED
|
@@ -16,7 +16,8 @@ module KubeKrypt
|
|
|
16
16
|
yaml_content = File.read(file_path)
|
|
17
17
|
content = YAML.safe_load(yaml_content)
|
|
18
18
|
key_name = options.fetch(KMS_KEY)
|
|
19
|
-
|
|
19
|
+
|
|
20
|
+
raise AlreadyEncrytpedError, "#{file_path} is already encrypted" if content['kubekrypt']
|
|
20
21
|
|
|
21
22
|
result = KubeKrypt::Encryptor.call(content:, key_name:)
|
|
22
23
|
puts result
|
|
@@ -28,6 +29,9 @@ module KubeKrypt
|
|
|
28
29
|
yaml_content = File.read(file_path)
|
|
29
30
|
content = YAML.safe_load(yaml_content)
|
|
30
31
|
base64 = options.fetch(:base64, false)
|
|
32
|
+
|
|
33
|
+
raise NotEncrytpedError, "#{file_path} is not encrypted" unless content['kubekrypt']
|
|
34
|
+
|
|
31
35
|
result = KubeKrypt::Decryptor.call(content:, base64:)
|
|
32
36
|
puts result
|
|
33
37
|
end
|
data/lib/kubekrypt/version.rb
CHANGED
data/lib/kubekrypt.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kubekrypt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Krzysztof Knapik
|
|
8
8
|
bindir: exe
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-03-
|
|
10
|
+
date: 2025-03-21 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: google-cloud-kms
|
|
@@ -96,8 +96,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
96
96
|
- !ruby/object:Gem::Version
|
|
97
97
|
version: '0'
|
|
98
98
|
requirements: []
|
|
99
|
-
rubygems_version: 3.6.
|
|
99
|
+
rubygems_version: 3.6.6
|
|
100
100
|
specification_version: 4
|
|
101
|
-
summary: KubeKrypt provides seamless encryption and decryption of
|
|
102
|
-
|
|
101
|
+
summary: KubeKrypt provides seamless encryption and decryption of Kubernetes Secret
|
|
102
|
+
menifests using Google Cloud KMS
|
|
103
103
|
test_files: []
|