envwarden is a simple open-source script that lets you manage your server secrets with Bitwarden.
Here’s a simple way to update your Kubernetes secrets directly from envwarden, so they are always in sync.
In this example, we create a Bitwarden entry called production-secrets, and inside it define our secrets as custom fields. Each custom field holds one secret, e.g. MY_SECRET=shush, PASSWORD=I'm not telling.
We then create a matching secret in Kubernetes with the same name (production-secrets) and import our secrets into it. Note: Kubernetes refers to a “secret” as a collection of individual secrets. This is similar to how we manage a collection of secrets in one Bitwarden entry.
After our Bitwarden secrets are created, we save them into a .env file, using envwarden:
envwarden --search production-secrets --dotenv-docker > /path/to/.env
Then, we create a matching Kubernetes secret, and import our .env into it.
kubectl create secret generic production-secrets --from-env-file=/path/to/.env --dry-run -o yaml | kubectl apply -f -
Once the Kubernetes secret is created, whenever we want to update it, we can run the same commands to push any updates to Kubernetes:
# get our secrets into the .env file
envwarden --search production-secrets --dotenv-docker > /path/to/.env
# update our kubernetes secrets
kubectl create secret generic production-secrets --from-env-file=/path/to/.env --dry-run -o yaml | kubectl apply -f -
# optional, but probably recommended, we remove the .env from our system
rm /path/to/.env
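The same procedure as one script, as an added example that is not part of envwarden or of this post: the .env goes into a mktemp file (created mode 0600 and removed on exit) rather than a shell-redirected path, its lines are checked before kubectl sees them, and --dry-run=client replaces the deprecated bare --dry-run. It assumes envwarden and kubectl are installed and already logged in; validate_dotenv and sync_secret are names chosen here.

```shell
#!/bin/sh
# Added example, not part of envwarden or this post: sync one Bitwarden entry
# into a Kubernetes Secret of the same name without leaving a readable .env
# behind. Assumes envwarden and kubectl are installed and logged in.
set -eu
# pipefail is not in every /bin/sh; enable it where the shell supports it
(set -o pipefail) 2>/dev/null && set -o pipefail

# Check dotenv text on stdin: every non-blank, non-comment line must be
# KEY=VALUE with a key kubectl accepts as a Secret data key ([-._a-zA-Z0-9]).
# Returns 0 when every line passes, 1 at the first bad line.
validate_dotenv() {
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case "$line" in
      '' | '#'*) continue ;;                  # blank lines and comments
      *=*) key="${line%%=*}" ;;               # text before the first '='
      *) echo "line $n: missing '='" >&2; return 1 ;;
    esac
    if ! printf '%s' "$key" | grep -Eq '^[A-Za-z0-9._-]+$'; then
      echo "line $n: invalid key '$key'" >&2
      return 1
    fi
  done
  return 0
}

# Pull the entry from Bitwarden and push it to the cluster.
sync_secret() {
  name="$1"
  ns="${2:-default}"
  tmp="$(mktemp)"                # created mode 0600, unlike "> /path/to/.env"
  trap 'rm -f "$tmp"' EXIT       # removed on success, failure or Ctrl-C
  envwarden --search "$name" --dotenv-docker > "$tmp"
  validate_dotenv < "$tmp"
  # --dry-run=client replaces the deprecated bare --dry-run
  kubectl create secret generic "$name" -n "$ns" \
    --from-env-file="$tmp" --dry-run=client -o yaml | kubectl apply -f -
}

# Usage: sh sync-secret.sh production-secrets [namespace]
if [ "$#" -ge 1 ]; then
  sync_secret "$@"
fi
```

Keep in mind that kubectl apply also records the full object, data values included, in the kubectl.kubernetes.io/last-applied-configuration annotation on the Secret, so anything that prints the Secret with -o yaml shows the values twice.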
And that’s it! :)