@Trousseau-io

Trousseau

Store and access Secrets the Kubernetes way


Please note: We take security and users' trust seriously. If you believe you have found a security issue in Trousseau, please responsibly disclose by following the security policy.


This is the home of Trousseau, an open-source project leveraging the Kubernetes KMS provider framework to connect with Key Management Services the Kubernetes native way!

Why Trousseau

Kubernetes platform users are all facing the very same question: how to handle Secrets?

While there are significant efforts to improve Kubernetes component layers, the state of Secret management is not receiving much interest. Kubernetes uses etcd to store API object definitions and state, so Secrets are only encoded in base64 before being shipped into the key-value store. Even if the filesystems on which etcd runs are encrypted, the secrets themselves are still not.

Instead of leveraging the native Kubernetes way to manage secrets, commercial and open source solutions work around this design flaw with different approaches, each using its own toolset or practices. This means training for and maintaining niche skills and tools, which increases the cost and complexity of Kubernetes.

Once deployed, Trousseau will enable seamless secret management using the native Kubernetes API and the kubectl CLI while leveraging an existing Key Management Service (KMS) provider.

How? By using the Kubernetes KMS provider framework to provide an envelope encryption scheme that encrypts secrets on the fly.
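The envelope encryption scheme mentioned above, as an added Go sketch (not code from Trousseau or Kubernetes): each secret is encrypted under a fresh data encryption key (DEK), and only the DEK wrapped under a key encryption key (KEK) is stored next to the ciphertext. The function names, the use of AES-256-GCM for both layers, and the in-process `kek` standing in for a key that would stay inside the external KMS are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// seal returns nonce || AES-256-GCM(key, pt); open reverses and authenticates it.
func seal(key, pt []byte) []byte {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	return aead.Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if n := aead.NonceSize(); len(ct) >= n {
		return aead.Open(nil, ct[:n], ct[n:], nil)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

// Encrypt draws a fresh DEK per secret; kek stands in for the KMS-held key (assumption).
func Encrypt(kek, secret []byte) (wrappedDEK, ciphertext []byte) {
	dek := make([]byte, 32)
	must(rand.Read(dek))
	return seal(kek, dek), seal(dek, secret)
}
func Decrypt(kek, wrappedDEK, ciphertext []byte) ([]byte, error) {
	dek, err := open(kek, wrappedDEK) // fails authentication under any other KEK
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, ciphertext)
}

func main() {
	kek := []byte("constructed-demo-kek-32-bytes!!!") // constructed 32-byte KEK
	wrapped, ct := Encrypt(kek, []byte("constructed-password"))
	pt, err := Decrypt(kek, wrapped, ct)
	fmt.Printf("stored %d+%d bytes, recovered %q, err=%v\n", len(wrapped), len(ct), pt, err)
}
```

A copy of the datastore alone yields only the wrapped DEK and the ciphertext; recovering the secret requires the KEK, which in the scheme described here is held by the KMS.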

About the name

The name trousseau comes from the French language and is usually associated with keys like in trousseau de clés meaning keyring.

Production reference

The following blog post provides an overview of a production use case for a Hong Kong based Service Provider leveraging Suse, RKE2, HashiCorp Vault and Trousseau to secure their workload hosted for Government agencies:

Roadmap

The roadmap items are described within user story 50.
Trousseau's roadmap milestone for v2 is [here](https://github.com/ondat/trousseau/milestone/2) (see also https://github.com/orgs/ondat/projects/1/views/4).

Contributing Guidelines

We love your input! We want to make contributing to this project as easy and transparent as possible. You can find the full guidelines here.

Community

Please reach out for any questions or issues via one of the following channels:

License

Trousseau is under the Apache 2.0 license. See LICENSE file for details.

Popular repositories

  1. trousseau (Public)

    Forked from ondat/trousseau

    Store and access your secrets the Kubernetes native way with any external KMS.

    Go 7 1

  2. docs.trousseau.io (Public)

    Trousseau documentation website

    1

  3. trousseau-io.github.io (Public)

    Website content for the project trousseau.io

    HTML

  4. .github (Public)

  5. trousseau-operator (Public)

    Makefile
