Feature: sops publish to kubernetes secrets #1658

Open
koalalorenzo opened this issue Oct 23, 2024 · 1 comment

@koalalorenzo

I have been using SOPS extensively in the past, and it would be super nice if the command sops publish would be able to upload file contents to k8s secrets.

At the moment I am encrypting the full or partial manifest, and then I have to run:

sops -d ./whatever.sops.yaml | kubectl apply -f -

Though, it would be nice to find a solution to use just one command.

The proper way to do this might be using external-secrets, but for now this is just done for my homelab setup, and I am trying to avoid overcomplicating things, or just adding extra operators/software running just to solve something simple. sops publish can push to HashiCorp Vault, and then external secrets can fetch it from there, but I wish I could skip those two components and keep it simple stupid :D

@klaernie

I'm using sops-secrets-operator to more or less directly upload sops encrypted files directly as K8s resources: https://github.com/isindir/sops-secrets-operator. They are then unpacked into concrete K8s secrets by the operator.

The key benefit there is that the secrets do not need to be decrypted before they reach the Kubernetes API, so it is also very neat to store the encrypted credential in the config repo next to the k8s manifests defining the application, and deploy them all together at the same time with kubectl apply, only made easier by referencing the SopsSecret resource directly in a Kustomization.

I know that this probably does not exactly cover the use case you have in mind, but it is fairly similar and highly robust.
