Minimalistic init system for containers injecting secrets from various secret stores.
- Multi-provider support - Automatically deduces and initializes required secret providers from environment variable references.
- Async loading - Secrets are loaded asynchronously to improve speed.
- Renew secrets - Use daemon mode to renew secrets in the background.
| Supported Providers | Stability |
|---|---|
| Local provider | ✅ Production Ready |
| HashiCorp Vault | ✅ Production Ready |
| OpenBao | 🟡 Beta |
| AWS Secrets Manager / AWS Systems Manager Parameter Store | ✅ Production Ready |
| Google Cloud Secret Manager | ✅ Production Ready |
| Azure Key Vault | ✅ Production Ready |
`secret-init` is designed for use with the Kubernetes mutating webhook. It can also function as a standalone tool.

- Take a look at some of the examples that showcase the use of `secret-init`.
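
To make the provider deduction and asynchronous loading described in the feature list concrete, here is an added sketch; it is not secret-init's own code. The `file:` and `vault:` prefixes and the function names `Deduce` and `ResolveFiles` are assumptions for illustration, and only a local file provider is implemented.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
	"sync"
)

var prefixes = map[string]string{"file:": "file", "vault:": "vault"} // assumed prefixes, illustration only

// Deduce returns the providers the environment references, so that only
// those are initialized and handed credentials.
func Deduce(environ []string) map[string]bool {
	needed := map[string]bool{}
	for _, kv := range environ {
		_, value, _ := strings.Cut(kv, "=")
		for prefix, provider := range prefixes {
			if strings.HasPrefix(value, prefix) {
				needed[provider] = true
			}
		}
	}
	return needed
}

// ResolveFiles loads all file: references concurrently. A non-nil error means
// at least one secret is missing and the child process must not be started.
func ResolveFiles(environ []string) ([]string, error) {
	out := append([]string(nil), environ...)
	errs := make([]error, len(environ))
	var wg sync.WaitGroup
	for i, kv := range environ {
		name, value, _ := strings.Cut(kv, "=")
		if !strings.HasPrefix(value, "file:") {
			continue // plain setting, passed through unchanged
		}
		wg.Add(1)
		go func(i int, name, path string) {
			defer wg.Done()
			data, err := os.ReadFile(path)
			out[i], errs[i] = name+"="+strings.TrimSpace(string(data)), err
		}(i, name, strings.TrimPrefix(value, "file:"))
	}
	wg.Wait()
	return out, errors.Join(errs...)
}

// Constructed sample input; prints the set of providers it references.
func main() { fmt.Println(Deduce([]string{"LOG_LEVEL=info", "DB_PASSWORD=file:/run/secrets/db"})) }
```
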
Install Go on your computer then run `make deps` to install the rest of the dependencies.

Make sure Docker is installed with Compose and Buildx.

Run project dependencies:

```shell
make up
```

Build a binary:

```shell
make build
```

Run the test suite:

```shell
make test
make test-e2e
```

Run linters:

```shell
make lint # pass -j option to run them in parallel
```

Some linter violations can automatically be fixed:

```shell
make fmt
```

Build artifacts locally:

```shell
make artifacts
```

Once you are done either stop or tear down dependencies:

```shell
make stop
# OR
make down
```

The project is licensed under the Apache 2.0 License.