9a608de653
Design document: https://docs.google.com/document/d/1EjiCuXoiy8DEEXe15KxVJ4iWrwogCyG113_0LdzcWzQ/edit?usp=drive_web&ouid=102644738301620637153 Demo readme: https://hackmd.io/@WE7PUWXBRVeQJzCZkXkOLw/ryoW-aOLv This patchset comprises of: - package library to interact with sops - integrate airshipctl encrypt/decrypt with sops Change-Id: I2ca3ff3c8661d146708084728cb3f87365a4f39e
47 lines
1.3 KiB
Markdown
47 lines
1.3 KiB
Markdown
## airshipctl secret encrypt
|
|
|
|
Encrypt plain text yaml files representing Kubernetes objects consisting of sensitive configuration.
|
|
|
|
### Synopsis
|
|
|
|
Encrypt plain text yaml files representing Kubernetes objects consisting of sensitive configuration.
|
|
|
|
```
|
|
airshipctl secret encrypt [flags]
|
|
```
|
|
|
|
### Examples
|
|
|
|
```
|
|
|
|
# Encrypt all kubernetes objects in the manifests directory.
|
|
airshipctl secret encrypt
|
|
|
|
# Encrypt file from src and write to a different dst file
|
|
airshipctl secret encrypt \
|
|
--src /tmp/manifests/target/secrets/qualified-secret.yaml \
|
|
--dst /tmp/manifests/target/secrets/encrypted-qualified-secret.yaml
|
|
|
|
```
|
|
|
|
### Options
|
|
|
|
```
|
|
--dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
|
|
-h, --help help for encrypt
|
|
--kubeconfig string Path to kubeconfig associated with cluster being managed
|
|
--src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config
|
|
```
|
|
|
|
### Options inherited from parent commands
|
|
|
|
```
|
|
--airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config")
|
|
--debug enable verbose output
|
|
```
|
|
|
|
### SEE ALSO
|
|
|
|
* [airshipctl secret](airshipctl_secret.md) - Manage secrets
|
|
|