#328 Decrypt base64 encoded SOPS encrypted secrets #328

bob.rohan · Bob Rohan · commit adb196d60c1d · 2021-04-28T11:45:38.000+01:00
add Kustomize secretGenerator steps to docs

Signed-off-by: Bob Rohan &lt;bob.rohan@hodge.co.uk&gt;
diff --git a/docs/spec/v1beta1/kustomization.md b/docs/spec/v1beta1/kustomization.md
@@ -962,6 +962,25 @@ spec:
       name: sops-age
 ```
 
+### Kustomize secretGenerator
+
+`sops` encrypted data can be stored as a base64 encoded Secret, which enables use of kustomize secretGenerator as follows.
+
+```console
+$ echo "day=Tuesday" | sops -e /dev/stdin > day.txt.encrypted
+$ cat <<EOF > kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+secretGenerator:
+ - name: day-secret
+   files:
+   - ./day.txt.encrypted
+EOF
+```
+
+Commit and push `day.txt.encrypted` and `kustomization.yaml` to Git.
+
 ## Status
 
 When the controller completes a Kustomization apply, reports the result in the `status` sub-resource.
