README
¶
SLV - Secure Local Vault
Securely store, share, and access secrets alongside the codebase.
SLV is designed based on the following key principles
- Anyone can add or update secrets, however will not be able to read them unless they have access to the vault
- An environment should have a single identity that will give access to all necessary secrets from any vault shared with it
Installation
Download the latest SLV binary from the releases page and add it to your path.
Homebrew
SLV can be installed with brew using the following command on macOS
brew install amagioss/slv/slv
Install Script
Install Latest Version
With Shell (MacOs/Linux):
curl -fsSL https://oss.amagi.com/slv/install.sh | sh
With PowerShell (Windows):
irm https://oss.amagi.com/slv/install.ps1 | iex
Install Specific Version
With Shell (MacOs/Linux):
curl -fsSL https://oss.amagi.com/slv/install.sh | sh -s v0.1.7
With PowerShell (Windows):
$v="0.1.7"; irm https://oss.amagi.com/slv/install.ps1 | iex
Docker
You can also run SLV without installing using Docker:
docker run -it --rm -v $PWD:/workspace ghcr.io/amagioss/slv:latest version
Usage
Create a new profile
$ slv profile new -n amagi
Created profile: amagi
Create a new environment
$ slv env new service -n alice -e [email protected] --add
Public Key: SLV_EPK_AEAUKAAAAD6XTJCYBCIHYKDPPHQN3YNDEVBOFCOIVDMGESLJFH65KG3VULVBK
Name: alice
Email: [email protected]
Tags: []
------------------------------------------------------------
Env Definition: SLV_EDS_AF4JYNGKJ5FYMMA4YDY7P4R3JOLYPHWDJZWW57U35FBB26MSWV7MQYC3UIUUT5G6IOROHF7P44N5J7XGTWKXQAUBV3LJGUDSUKBA5ESSJL473NNP2KI2KZJRJKXFJ4OS3TDIMC6N3IWG2S6NT5Z5DVKVK3OB6ZL62NB23GMEAQNBGEAIDDXSYQQCEIMOP773BG7UYWB4H3MI64F5PD2OO4XJBXL6HT7XM3PIBRG57MCDVNBLPYZBPX25TSAQB7H4AYAAB777D2YDPOA
Secret Key: SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ
Create a vault
- To create a vault and share it with the environment
alice, use the following command
$ slv vault new -v test.slv.yaml -s alice
Created vault: test.slv.yaml
- To create a K8s compatible vault, use the following command
$ slv vault new -v test.slv.yaml -s alice --k8s production
Created vault: test.slv.yaml
Add secrets to the vault
$ slv vault put -v test.slv.yaml -n db_password -s "super_secret_pwd"
Added secret: db_password to vault: test.slv.yaml
Get secrets from the vault
Set the environment variable SLV_ENV_SECRET_KEY to the secret key generated in the previous step
$ export SLV_ENV_SECRET_KEY=SLV_ESK_AEAEKAAATI5CXB7QMFSUGY4RUT6UTUSK7SGMIECTJKRTQBFY6BN5ZV5M5XGF6DWLV2RVCJJSMXH43DJ6A5TK7Y6L6PYEMCDGQRBX46GUQPUIYUQ
$ slv vault get -v test.slv.yaml -n db_password
super_secret_pwd
Share the vault with other environments
Ensure that the current environment has access to the vault in order to share it with other environments
$ slv vault share -v test.slv.yaml -s bob
Shared vault: test.slv.yaml
Once shared, the other environments can access the vault using their respective secret keys
Integrations
Some of the integrations that SLV currently supports are:
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAllVaultData ¶ added in v0.5.5
GetAllVaultData returns all secrets from the vault
func GetVaultData ¶ added in v0.5.5
GetVaultData returns a named secret from the vault
Types ¶
This section is empty.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
k8s/api/v1
Package v1 contains API Schema definitions for the slv v1 API group +kubebuilder:object:generate=true +groupName=slv.oss.amagi.com
|
Package v1 contains API Schema definitions for the slv v1 API group +kubebuilder:object:generate=true +groupName=slv.oss.amagi.com |