Unseal with --raw #1485
Comments
agarcia-oss
added
enhancement
good first issue
and removed
triage
|
Hi @vavsab looks like a good improvement and we'll be happy to review a PR if you'd like to send it! |
|
@agarcia-oss Was there a reason to use stdin for |
|
the original reason for passing secrets in stdin instead of passing them as literal in params is that the latter causes secrets to be visible in /proc and saved in shell histories. I know there are cases when somebody doesn't care about that so it's perfectly fine to add an option to pass a secret literal on the cmdline, I just didn't want to have that to be the first and most illustrated way of doing it |
|
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback. |
|
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback. |
|
Due to the lack of activity in the last 7 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary. |
Which component:
kubeseal
Is your feature request related to a problem? Please describe.
I really enjoy raw mode for encrypting a single value
echo -n "MY_SECRET_VALUE" | ./kubeseal --cert ./MY_CERT.crt --namespace MY_NAMESPACE --scope namespace-wide --rawIt would be really nice to have exactly same unseal functionality
echo -n "ENCRYPTED_VALUE" | ./kubeseal --recovery-unseal --recovery-private-key ./MY_KEY.key --namespace MY_NAMESPACE --scope namespace-wide --rawDescribe the solution you'd like
I can make a PR if you are ok with this idea.
Describe alternatives you've considered
I can provide the whole SealedSecret but usually I'm interested only in a single value.
Additional context
The text was updated successfully, but these errors were encountered: