2025-09-03 16:32:44 +03:00
|
|
|
# Secret Reader
|
|
|
|
|
|
|
|
|
|
Kubernetes secret viewer with TOTP support.
|
2025-09-03 16:37:10 +03:00
|
|
|
|
|
|
|
|
|
2025-09-03 16:36:59 +03:00
|
|
|
<img height="250" alt="image" src="https://github.com/user-attachments/assets/a16b4d8e-b51b-4e2f-934a-8699bbdd90e3" />
|
2025-09-03 16:32:44 +03:00
|
|
|
|
|
|
|
|
## Features
|
|
|
|
|
|
|
|
|
|
- View Kubernetes secrets in web UI
|
|
|
|
|
- Auto-generate TOTP codes from otpauth:// URLs
|
|
|
|
|
- Copy values with one click
|
2025-12-29 02:50:43 +00:00
|
|
|
- Show secrets sent via /webhook endpoint in json like `{"name":"Login Code","fields":{"Code":"12345678","another field":"some content"}}`
|
2025-09-03 16:32:44 +03:00
|
|
|
|
|
|
|
|
## Deploy
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
kubectl apply -f service-account.yaml
|
|
|
|
|
kubectl apply -f rbac.yaml
|
|
|
|
|
kubectl apply -f deployment.yaml
|
|
|
|
|
kubectl apply -f service.yaml
|
|
|
|
|
```
|
|
|
|
|
|
2025-09-15 15:00:23 +03:00
|
|
|
## Security
|
|
|
|
|
|
|
|
|
|
⚠️ **The service has no built-in authentication**. Use a proxy for auth (nginx, oauth2-proxy, etc).
|
|
|
|
|
|
2025-09-03 16:32:44 +03:00
|
|
|
## Configuration
|
|
|
|
|
|
|
|
|
|
Edit `deployment.yaml` to specify which secrets to display:
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
args:
|
|
|
|
|
- "--secrets"
|
|
|
|
|
- "secret1,secret2"
|
2025-09-03 16:34:29 +03:00
|
|
|
- "--namespace"
|
|
|
|
|
- "k8s-secrets"
|
2025-09-03 16:32:44 +03:00
|
|
|
```
|
2025-09-15 15:00:23 +03:00
|
|
|
|
|
|
|
|
## API Usage
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
# Get secret field as plaintext
|
|
|
|
|
curl "http://localhost:3000/secret?name=my-secret&field=password"
|
|
|
|
|
```
|
