This project provides a utility script to convert .env files to Kubernetes Sealed Secrets. It's useful for developers who want to maintain Kubernetes Secrets in a .env file format during development, and then convert them to Sealed Secrets for use in a Kubernetes cluster.
- Python 3.7 or later
kubeseal
- Clone this repository:
git clone https://github.com/dokdo2013/dotenv-to-sealed-secrets.git
cd dotenv-to-sealed-secrets- Install the required packages:
pip install -r requirements.txtTo convert a .env file to Sealed Secrets, run the script with the path to the .env file:
python3 script.py [--source <.env file path>] [--name <Secret name>] [--namespace <Secret namespace>] [--controller-name <controller name>] [--controller-namespace <controller namespace>] [--scope <scope of sealed secret>] [--print-none] [--output]The script supports the following options:
--source: Path to the .env file. If not provided, it defaults to '.env' in the current directory.--name: Name of the Secret. If not provided, it defaults to 'mysecret'.--namespace: Namespace of the Secret. If not provided, it defaults to 'default'.--controller-name: Controller name for Kubeseal. If not provided, it defaults to 'sealed-secrets'.--controller-namespace: Controller namespace for Kubeseal. If not provided, it defaults to 'kube-system'.--scope: Scope of the sealed secret. If not provided, it defaults to 'cluster-wide'.--print-none: Do not print the sealed secret to stdout. If not set, the sealed secret is printed.--output: Keep the generated secret.yaml and sealed-secret.yaml files. If not set, the files are removed after the secret is sealed.
For more details on these options, run:
python3 script.py --helpYou can also set up an alias for convenience. For example, in your .zshrc or .bashrc, you can add the following line:
alias envto='python3 /path/to/script.py'Then, you can simply use envto path/to/your/.env to run the script.
Remember to reload your shell or run source ~/.zshrc (or source ~/.bashrc) for the changes to take effect.
This project is licensed under the MIT License. See the LICENSE file for details.