A utility for SUSE Cloud Foundry for generating secrets based on the role manifest.
It works in conjunction with the fissile project.
These secrets are described in the variables section, and will be generated if they have secret: true properties and non-empty type properties.
It can generate:
- passwords
- SSL certificates
- SSH keys
It will not overwrite existing secrets, so it is safe to run between upgrades.
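The selection rule and the no-overwrite behaviour described above, shown as an added Go example (not scf-secret-generator's own code). The Variable struct, the FillMissing function and the "password" type string are assumptions made for illustration; only password-style values are generated here.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Variable is a hypothetical stand-in for one entry of the variables section.
type Variable struct {
	Name, Type string
	Secret     bool
}

// FillMissing generates a value for every qualifying variable that is absent
// from existing (which must be non-nil) and returns the names it created.
func FillMissing(existing map[string][]byte, vars []Variable) ([]string, error) {
	var created []string
	for _, v := range vars {
		if !v.Secret || v.Type == "" {
			continue // not marked secret, or no type: nothing to generate
		}
		if _, ok := existing[v.Name]; ok {
			continue // never overwrite: the current value survives upgrades
		}
		if v.Type != "password" { // assumed type name; others not covered here
			return created, fmt.Errorf("%s: type %q not covered by this example", v.Name, v.Type)
		}
		buf := make([]byte, 32) // 256 bits from the OS CSPRNG
		if _, err := rand.Read(buf); err != nil {
			return created, err
		}
		existing[v.Name] = []byte(base64.RawURLEncoding.EncodeToString(buf))
		created = append(created, v.Name)
	}
	return created, nil
}

func main() {
	existing := map[string][]byte{"DB_PASSWORD": []byte("keep-me")} // constructed sample
	vars := []Variable{ // constructed sample
		{"DB_PASSWORD", "password", true},
		{"NEW_PASSWORD", "password", true},
		{"PLAIN_SETTING", "password", false},
		{"UNTYPED", "", true},
	}
	created, err := FillMissing(existing, vars)
	fmt.Println(created, err)
}
```

Running FillMissing a second time against the same map creates nothing, which is the property that makes a re-run between upgrades safe.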
scf-secret-generator is meant to run inside a pre-flight Kubernetes job.
This job should have the KUBERNETES_NAMESPACE environment variable set, and will create or update the secret called secret inside that namespace.
After that job has finished, you should be able to see that the secrets have been populated:
kubectl -n "${KUBERNETES_NAMESPACE}" get secret secret -o yaml
Note that Kubernetes returns these values base64-encoded, so they must be base64-decoded before use.
A modern Go version is required. The version used in SCF is described in the package spec.
go build will create the binary.