Minimalistic init system for containers injecting secrets from various secret stores.
- Multi-provider support - Automatically deduces and initializes required secret providers from environment variable references.
- Async loading - Secrets are loaded asynchronously to improve speed.
- Renew secrets - Use daemon mode to renew secrets in the background.
| Supported Providers | Status |
|---|---|
| Local provider | ✅ Implemented |
| HashiCorp Vault | ✅ Implemented |
| OpenBao | ✅ Implemented |
| AWS Secrets Manager | Upcoming |
secret-initis designed for use with the Kubernetes mutating webhook. It can also function as a standalone tool.- Take a look at some of the examples that showcase the use of
secret-init.
For an optimal developer experience, it is recommended to install Nix and direnv.
Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.
Make sure Docker is installed with Compose and Buildx.
Run project dependencies:
make upBuild a binary:
make buildRun the test suite:
make test
make test-e2eRun linters:
make lint # pass -j option to run them in parallelSome linter violations can automatically be fixed:
make fmtBuild artifacts locally:
make artifactsOnce you are done either stop or tear down dependencies:
make stop
# OR
make downThe project is licensed under the Apache 2.0 License.