An article on trying out kubesec, a tool that can be used for managing secrets
Overview / Installation
    brew install shyiko/kubesec/kubesec
    brew install shyiko/kubesec/kubesec --with-short-name # install as "ksec"
Trying it out
Generate the source data. Base64-encode hello and password, and generate a secrets manifest from them.
    ❯ echo -n "hello" | base64
    aGVsbG8=
    ❯ echo -n "password" | base64
    cGFzc3dvcmQ=

    LANG=C gpg --gen-key
    gpg (GnuPG) 2.2.26; Copyright (C) 2020 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

    GnuPG needs to construct a user ID to identify your key.

    Real name: wat
    Name must be at least 5 characters long
    Real name: watanabe
    Email address: ryucrosskey@gmail.com
    You selected this USER-ID:
        "watanabe <ryucrosskey@gmail.com>"

    Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    gpg: /Users/ryuichi/.gnupg/trustdb.gpg: trustdb created
    gpg: key 03C1DC1D02CE3215 marked as ultimately trusted
    gpg: directory '/Users/ryuichi/.gnupg/openpgp-revocs.d' created
    gpg: revocation certificate stored as '/Users/ryuichi/.gnupg/openpgp-revocs.d/A438A25678C3CD138A95E82A03C1DC1D02CE3215.rev'
    public and secret key created and signed.

    pub   rsa3072 2021-01-02 [SC] [expires: 2023-01-02]
          A438A25678C3CD138A95E82A03C1DC1D02CE3215
    uid                      watanabe <ryucrosskey@gmail.com>
    sub   rsa3072 2021-01-02 [E] [expires: 2023-01-02]
Encryption
    apiVersion: v1
    data:
      password: il/3cLrKjpIlvorFLoDFGoVea+qZDf2qt/baerrAwCNDF7gX7vEtbbMShGPOj4ED.xGeuyVHG0jCBZYP/.EeFQnNb4HZYC3c9OXlizuA==
      username: kVuw9IOqqDIg/mOQJyCJG2zkvfu9GI6YfgSQirBOA10M+273km7dL1Hxd5dztgEq.R7mn4AGup5onLW6U.cwKeSC7llCbgRHz7+Y9BVg==
    kind: Secret
    metadata:
      name: mysecret
    type: Opaque
    # kubesec:v:3
    # kubesec:pgp:A438A25678C3CD138A95E82A03C1DC1D02CE3215:LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpoUUdNQTdwWDJEd2FGWmc3QVF2K0wvRDJrL2QzdDAzW(omitted)=
    # kubesec:mac:3mQIkIUj3aXVrPRn.StJvMN8WO0TPo/nD+n5Rdw==
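As an added example (not part of the original article or of the kubesec project), this shell check uses the trailer comments visible in the encrypted manifest above (`# kubesec:v:`, `# kubesec:pgp:<fingerprint>:...`, `# kubesec:mac:`) to reject a Secret manifest that is still only base64-encoded, or that is encrypted for a different key, before it is committed. The function names, file names and sample manifests are assumptions made for this example, and treating those three trailer lines as the marker of an encrypted file is inferred from the output shown on this page.

```shell
# Added example: pre-commit style check for the kubesec trailer shown above.

# Fingerprints named in "# kubesec:pgp:<fingerprint>:<blob>" trailer lines.
kubesec_pgp_fingerprints() {
    sed -n 's/^# kubesec:pgp:\([0-9A-Fa-f]\{40\}\):.*/\1/p' "$1"
}

# 0 = fine to commit, 1 = plaintext Secret, 2 = encrypted for an unexpected key.
check_secret_manifest() {
    file=$1; expected_fpr=$2
    grep -q '^kind: Secret' "$file" || return 0    # other kinds are out of scope
    for marker in 'kubesec:v:' 'kubesec:pgp:' 'kubesec:mac:'; do
        if ! grep -q "^# $marker" "$file"; then
            echo "$file: plaintext Secret, no '# $marker' line" >&2
            return 1
        fi
    done
    if ! kubesec_pgp_fingerprints "$file" | grep -qix -e "$expected_fpr"; then
        echo "$file: not encrypted for $expected_fpr" >&2
        return 2
    fi
    return 0
}

# Constructed sample manifests; the encrypted values are placeholders, not real
# kubesec output. The fingerprint is the key generated in the article.
write_samples() {
    cat > "$1/plain.yml" <<'EOF'
apiVersion: v1
data:
  password: cGFzc3dvcmQ=
  username: aGVsbG8=
kind: Secret
metadata:
  name: mysecret
type: Opaque
EOF
    { sed 's/: [A-Za-z0-9]*=$/: PLACEHOLDER.CIPHERTEXT==/' "$1/plain.yml"
      echo '# kubesec:v:3'
      echo '# kubesec:pgp:A438A25678C3CD138A95E82A03C1DC1D02CE3215:PLACEHOLDER='
      echo '# kubesec:mac:PLACEHOLDER=='
    } > "$1/enc.yml"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for f in plain.yml enc.yml; do
    check_secret_manifest "$demo_dir/$f" A438A25678C3CD138A95E82A03C1DC1D02CE3215 && echo "$f: ok" || echo "$f: rejected"
done
```

The plaintext sample is rejected because `aGVsbG8=` and `cGFzc3dvcmQ=` are only encoded, so anyone who can read the file can recover the values with `base64 -d`.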