krypt


Namekrypt JSON
Version 0.1.2 PyPI version JSON
download
home_pageNone
SummaryA helper tool for file encryption in Git repositories primarily aimed at encrypting Kubernetes secrets and other sensitive information to be later used in a CI/CD pipeline
upload_time2024-05-03 17:05:21
maintainerNone
docs_urlNone
authorNone
requires_python>=3.8
licenseNone
keywords ci/cd pipeline encryption gitops kubernetes secrets
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls. 
            # Krypt: GitOps-friendly Secret Management for Kubernetes Clusters

Krypt is a tool designed to streamline secret management within Kubernetes cluster (and pretty much any other) configurations, particularly suited for GitOps workflows. It enables users to securely seal and unseal secrets within cluster configuration folders, ensuring sensitive information remains protected both in transit and at rest.

## Getting Started

To begin using Krypt, follow these simple steps:

1. **Initialization**: Initialize the cluster directory using the `krypt init` command. Provide a passphrase for encryption and specify the path to the cluster directory.
   
    ```bash
    krypt init --passphrase PASSPHRASE /path/to/cluster
    ```

2. **Sealing Secrets**: Seal the secrets within the cluster directory using the `krypt seal` command.

    ```bash
    krypt seal /path/to/cluster
    ```

3. **Commit and Push**: Once sealed, commit the changes to your Git repository and push them upstream. This ensures that the encrypted secrets are securely stored and version controlled.

4. **CI/CD Integration**: In your CI/CD pipeline, use the `krypt unseal` command to unseal the secrets before applying manifests onto the cluster. Pass the passphrase for decryption and specify the path to the cluster directory.

    ```bash
    krypt unseal --passphrase PASSPHRASE /path/to/cluster
    ```

## Usage Guidelines

- Only files with `.kpt.` in the name or those ending with `.kpt` are sealed by Krypt. Other files within the cluster directory remain stored in plaintext. This ensures that only intended secrets are encrypted while maintaining transparency for other configuration files.

- Krypt automatically adds files with `.kpt.` in the name or those ending with `.kpt` to .gitignore to ensure that plaintext secrets are not being committed to the repository.

- It's essential to securely manage and store the passphrase used for sealing and unsealing secrets. Consider using secure key management practices to protect this passphrase.

## Contributing

Contributions to Krypt are welcome! Feel free to open issues for bug reports, feature requests, or any questions you may have. Pull requests are also encouraged for those who would like to contribute directly to the project's development.

## License

Krypt is licensed under the [GPLv3 License](LICENSE), allowing for both personal and commercial use with proper attribution. Refer to the license file for detailed information.

## Acknowledgments

Krypt was inspired by the need for a secure and streamlined approach to managing secrets within Kubernetes clusters, particularly in GitOps workflows. We extend our gratitude to the open-source community for their contributions and support.

---

**Krypt** - Secure Secret Management for Kubernetes Clusters

For more information, visit [Krypt on GitHub](https://github.com/kubertools/krypt)

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "krypt",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.8",
    "maintainer_email": null,
    "keywords": "ci/cd pipeline, encryption, gitops, kubernetes, secrets",
    "author": null,
    "author_email": "Kubermate <168834048+kubermate@users.noreply.github.com>",
    "download_url": "https://files.pythonhosted.org/packages/1f/4e/89bcd8637424a81aefd29ce36906d2117ab57f60ab7ce16c8192f2e30947/krypt-0.1.2.tar.gz",
    "platform": null,
    "description": "# Krypt: GitOps-friendly Secret Management for Kubernetes Clusters\n\nKrypt is a tool designed to streamline secret management within Kubernetes cluster (and pretty much any other) configurations, particularly suited for GitOps workflows. It enables users to securely seal and unseal secrets within cluster configuration folders, ensuring sensitive information remains protected both in transit and at rest.\n\n## Getting Started\n\nTo begin using Krypt, follow these simple steps:\n\n1. **Initialization**: Initialize the cluster directory using the `krypt init` command. Provide a passphrase for encryption and specify the path to the cluster directory.\n   \n    ```bash\n    krypt init --passphrase PASSPHRASE /path/to/cluster\n    ```\n\n2. **Sealing Secrets**: Seal the secrets within the cluster directory using the `krypt seal` command.\n\n    ```bash\n    krypt seal /path/to/cluster\n    ```\n\n3. **Commit and Push**: Once sealed, commit the changes to your Git repository and push them upstream. This ensures that the encrypted secrets are securely stored and version controlled.\n\n4. **CI/CD Integration**: In your CI/CD pipeline, use the `krypt unseal` command to unseal the secrets before applying manifests onto the cluster. Pass the passphrase for decryption and specify the path to the cluster directory.\n\n    ```bash\n    krypt unseal --passphrase PASSPHRASE /path/to/cluster\n    ```\n\n## Usage Guidelines\n\n- Only files with `.kpt.` in the name or those ending with `.kpt` are sealed by Krypt. Other files within the cluster directory remain stored in plaintext. This ensures that only intended secrets are encrypted while maintaining transparency for other configuration files.\n\n- Krypt automatically adds files with `.kpt.` in the name or those ending with `.kpt` to .gitignore to ensure that plaintext secrets are not being committed to the repository.\n\n- It's essential to securely manage and store the passphrase used for sealing and unsealing secrets. Consider using secure key management practices to protect this passphrase.\n\n## Contributing\n\nContributions to Krypt are welcome! Feel free to open issues for bug reports, feature requests, or any questions you may have. Pull requests are also encouraged for those who would like to contribute directly to the project's development.\n\n## License\n\nKrypt is licensed under the [GPLv3 License](LICENSE), allowing for both personal and commercial use with proper attribution. Refer to the license file for detailed information.\n\n## Acknowledgments\n\nKrypt was inspired by the need for a secure and streamlined approach to managing secrets within Kubernetes clusters, particularly in GitOps workflows. We extend our gratitude to the open-source community for their contributions and support.\n\n---\n\n**Krypt** - Secure Secret Management for Kubernetes Clusters\n\nFor more information, visit [Krypt on GitHub](https://github.com/kubertools/krypt)\n",
    "bugtrack_url": null,
    "license": null,
    "summary": "A helper tool for file encryption in Git repositories primarily aimed at encrypting Kubernetes secrets and other sensitive information to be later used in a CI/CD pipeline",
    "version": "0.1.2",
    "project_urls": {
        "Homepage": "https://github.com/kubertools/krypt",
        "Issues": "https://github.com/kubertools/krypt/issues"
    },
    "split_keywords": [
        "ci/cd pipeline",
        " encryption",
        " gitops",
        " kubernetes",
        " secrets"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "ccb44b8ebdc7caf66c5e69b38440b42349dd3d4ce0f0bf6a5b962c0cc3a6a8c2",
                "md5": "f03d676f3331b377146174435d7d14ff",
                "sha256": "8b342517db934c536be67dcfdb99d67c551ffbfe95327f45a2b7305b1b485d65"
            },
            "downloads": -1,
            "filename": "krypt-0.1.2-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "f03d676f3331b377146174435d7d14ff",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.8",
            "size": 27014,
            "upload_time": "2024-05-03T17:05:20",
            "upload_time_iso_8601": "2024-05-03T17:05:20.326981Z",
            "url": "https://files.pythonhosted.org/packages/cc/b4/4b8ebdc7caf66c5e69b38440b42349dd3d4ce0f0bf6a5b962c0cc3a6a8c2/krypt-0.1.2-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "1f4e89bcd8637424a81aefd29ce36906d2117ab57f60ab7ce16c8192f2e30947",
                "md5": "b52beb96ec7a6ea72f2767dff373884e",
                "sha256": "2ba9a41d6d303239cb481fedb3d0c265e4cd1ef272aff8acb2ae2452d96d0207"
            },
            "downloads": -1,
            "filename": "krypt-0.1.2.tar.gz",
            "has_sig": false,
            "md5_digest": "b52beb96ec7a6ea72f2767dff373884e",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.8",
            "size": 22491,
            "upload_time": "2024-05-03T17:05:21",
            "upload_time_iso_8601": "2024-05-03T17:05:21.224336Z",
            "url": "https://files.pythonhosted.org/packages/1f/4e/89bcd8637424a81aefd29ce36906d2117ab57f60ab7ce16c8192f2e30947/krypt-0.1.2.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-05-03 17:05:21",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "kubertools",
    "github_project": "krypt",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "tox": true,
    "lcname": "krypt"
}
None
Elapsed time: 0.29074s