Kubernetes 4 of ?? - rotate secrets (#991)

2026-01-08 23:18:15 -05:00 · 2018-11-29 09:35:17 -05:00
parent b9c8e65884
commit 108d05110d
21 changed files with 234 additions and 68 deletions
--- a/tools/BUILD.bazel
+++ b/tools/BUILD.bazel
--- a/tools/kubesec.bzl
+++ b/tools/kubesec.bzl
@@ -0,0 +1,29 @@
+"""TODO: Add doc here"""
+
+load("@k8s_secret//:defaults.bzl", "k8s_secret")
+
+def _k8s_encrypted_secret_impl(ctx):
+  ctx.actions.run_shell(
+    inputs = [ctx.file.template],
+    outputs = [ctx.outputs.out],
+    progress_message = "Decrypting %s" % ctx.file.template,
+    tools = [ctx.executable._kubesec],
+    command = "%s decrypt %s > %s" % (ctx.executable._kubesec.path, ctx.file.template.path, ctx.outputs.out.path)
+  )
+
+k8s_encrypted_secret = rule(
+    implementation = _k8s_encrypted_secret_impl,
+    attrs = {
+      "_kubesec": attr.label(
+        executable = True,
+        cfg = "host",
+        default = "@com_github_shyiko_kubesec//:kubesec",
+      ),
+      "template": attr.label(
+          allow_files = True, 
+          single_file = True, 
+          mandatory = True
+      ),
+      "out": attr.output(mandatory = True),
+    },
+)