diff --git a/EXAMPLE.md b/EXAMPLE.md index 22cb756..6f458cb 100644 --- a/EXAMPLE.md +++ b/EXAMPLE.md @@ -2,8 +2,8 @@ To get familiarized, we will show how you can use these tools to answer two questions: -- How do I sync secrets from one store to another? -- How do I consume secrets to bootstrap my configs? +- **Ops**: How do I synchronize secrets from one secret storage systems to another? +- **Dev**: How do I consume secrets to bootstrap my application? To answer the first question, we shall create some database secrets and synchronize them into Vault.
For the second question, we will use some secrets from Vault to create an access file for an application. @@ -31,7 +31,7 @@ alias secret-sync="docker run --rm -v /tmp:/tmp ghcr.io/bank-vaults/secret-sync: ### 2. Define secret stores -Documentation and examples on how to use different secret stores can be found in chapter [Secret Store](#secret-store). +Documentation and examples on how to use different secret stores can be found in chapter [Secret Store](README.md#secret-store). #### 2.1. Local store Create a directory and a config file to use as the _local secret store_. @@ -65,7 +65,7 @@ EOF ``` ### 3. Define sync plans -Documentation and examples on how to create a more extensive sync plan can be found in chapter [Sync Plan](#sync-plan). +Documentation and examples on how to create a more extensive sync plan can be found in chapter [Sync Plan](README.md#sync-plan). #### 3.1. Database secrets Define a sync plan for `db-host`, `db-user`, `db-pass` secrets. @@ -120,7 +120,7 @@ echo -n "very-secret-password" > /tmp/example/local-store/db-pass ### 5. Perform sync -Secret synchronization is performed using the [CLI](#syncing-with-cli) by executing the sync plan between source and target secret stores. +Secret synchronization is performed using the [CLI](README.md#running-the-synchronization) by executing the sync plan between source and target secret stores. #### 5.1. Database secrets diff --git a/README.md b/README.md index 00f7faa..2f71288 100644 --- a/README.md +++ b/README.md 
@@ -1,14 +1,11 @@ # Secret Sync - -[![go.dev - references](https://img.shields.io/badge/go.dev-references-047897)](https://pkg.go.dev/github.com/bank-vaults/secret-sync) [![Go Report Card](https://goreportcard.com/badge/github.com/bank-vaults/secret-sync?style=flat-square)](https://goreportcard.com/report/github.com/bank-vaults/secret-sync) -[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fbank-vaults%2Fsecret-sync.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fbank-vaults%2Fsecret-sync?ref=badge_shield) [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/bank-vaults/secret-sync/ci.yaml?branch=main&style=flat-square)](https://github.com/bank-vaults/secret-sync/actions/workflows/ci.yaml?query=workflow%3ACI) +![Go Version](https://img.shields.io/badge/go%20version-%3E=1.21-61CFDD.svg?style=flat-square) +[![go.dev - references](https://pkg.go.dev/badge/mod/github.com/bank-vaults/vault-sdk)](https://pkg.go.dev/mod/github.com/bank-vaults/vault-sdk) -Secret Sync exposes a generic way to interact with external secret storage systems like -[HashiCorp Vault](https://www.vaultproject.io/), [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/), [Google Secrets Manager](https://cloud.google.com/secret-manager), [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/), and others. -In addition, it also provides a set of API models and custom resources to explicitly manage the synchronization of secrets between these stores. +**Secret Sync** exposes a generic way to interact with external secret storage systems like [HashiCorp Vault](https://www.vaultproject.io/) and provides a set of API models to interact and orchestrate the synchronization of secrets between them. This name was chosen in a rush, we are open to naming suggestions 😄 
@@ -21,23 +18,26 @@ This name was chosen in a rush, we are open to naming suggestions 😄 ## Features -- Seamless integration with a variety of secret storage systems (stores) -- User-friendly API for defining synchronization actions on a secret-level -- Advanced templating capabilities for defining and transforming secrets -- Facilitate interaction between stores using Golang packages or the CLI - +- Simple integration with a variety of secret storage systems +- User-friendly API to facilitate interaction between different storage systems +- Pipeline-like syntax for defining synchronization actions on a secret level +- Advanced templating capabilities for transforming secrets -| **Supported store** | **Status** | -|------------------------------------|------------| -| [HashiCorp's Vault](#secret-store) | _alpha_ | -| [Local](#secret-store) | _alpha_ | +| **Supported store** | **Status** | +|--------------------------------------------------------------------------|--------| +| [HashiCorp Vault](https://www.vaultproject.io) | alpha | +| [Local Provider](#secret-store) | alpha | +| [AWS Secrets Manager](https://aws.amazon.com/secrets-manager) | _planned_ | +| [Google Secrets Manager](https://cloud.google.com/secret-manager) | _planned_ | +| [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/) | _planned_ | +| [Kubernetes Secret](https://kubernetes.io/) | _planned_ | Check details about upcoming features by visiting the [project issue](https://github.com/bank-vaults/secret-sync/issues) board. ## Goal -* Provide safe and simple way to consume secrets -* Common API regardless of the secret store backend +* Provide safe and simple way to work with secrets +* Common API for secret management regardless of the store backend * Explicit control over the secret synchronization process > Consider a situation where Dev teams need access to secrets from different environments. 
@@ -47,8 +47,8 @@ Check details about upcoming features by visiting the [project issue](https://gi To get familiarized, we will show how you can use these tools to answer two questions: -- How do I sync secrets from one store to another? -- How do I consume secrets to bootstrap my configs? +- **Ops**: How do I synchronize secrets from one secret storage systems to another? +- **Dev**: How do I consume secrets to bootstrap my application? To answer the first question, we shall create some database secrets and synchronize them into Vault.
For the second question, we will use some secrets from Vault to create an access file for an application. @@ -59,7 +59,7 @@ You can find complete examples and instructions in the [EXAMPLE](EXAMPLE.md) fil ### Secret Store -Secret store defines the actual secret store that will be used for API requests. +Secret Store defines the actual external secret storage systems that will be used for API requests. In API requests, a secret store can be either a _source_ where the secrets are fetched from or a _target_ where the requested secrets are synced into. @@ -73,11 +73,11 @@ secretsStore: You can find all the Secret Store specifications in [pkg/apis/v1alpha1/secretstore.go](pkg/apis/v1alpha1/secretstore.go)
-Store Spec: HashiCorp's Vault* +Store Spec: HashiCorp Vault* #### Specs -The following configuration selects [HashiCorp's Vault](https://www.vaultproject.io/) as a secret store. +The following configuration selects [HashiCorp Vault](https://www.vaultproject.io/) as a secret store. ```yaml secretsStore: vault: @@ -93,7 +93,7 @@ _*Vault needs to be unsealed_.
-Store Spec: Local +Store Spec: Local Provider #### Specs
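Review bot: grammar slip in the new Ops bullet of the EXAMPLE.md hunk `@@ -2,8 +2,8 @@`: `from one secret storage systems to another` mixes singular and plural; suggest `from one secret storage system to another`. The identical wording is introduced in the README.md hunk `@@ -47,8 +47,8 @@`, so both copies need the fix, or better, keep the walkthrough text only in EXAMPLE.md and link to it from the README so the two cannot drift apart again.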
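Review bot: the local store in the EXAMPLE.md hunk `@@ -31,7 +31,7 @@` is created under `/tmp`, and the context line of the same hunk shows the helper alias bind-mounting the whole host `/tmp` into the container (`alias secret-sync="docker run --rm -v /tmp:/tmp ghcr.io/bank-vaults/secret-sync:...`); a later hunk writes a plaintext credential into that tree (`echo -n "very-secret-password" > /tmp/example/local-store/db-pass`). Since `/tmp` is shared and its contents are readable by other local users by default, suggest the walkthrough create the store directory with restrictive permissions (for example `mkdir -m 700`) and mount only that directory rather than all of `/tmp`. The link change itself (`#secret-store` to `README.md#secret-store`) is correct, since the heading lives in README.md.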
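Review bot: the new anchor `README.md#running-the-synchronization` in the EXAMPLE.md hunk `@@ -120,7 +120,7 @@` replaces `#syncing-with-cli`, but none of the README.md hunks in this patch add or rename a heading called `Running the synchronization`; please confirm that heading exists in README.md (the anchor is derived from the heading text), otherwise the link silently lands at the top of the file. The sibling fixes in `@@ -31,7` and `@@ -65,7` keep their anchor names and only prefix `README.md`, so this one is the only anchor that actually changes.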
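Review bot: the replacement `go.dev - references` badge in the README.md hunk `@@ -1,14 +1,11 @@` points at `github.com/bank-vaults/vault-sdk` instead of this module, `github.com/bank-vaults/secret-sync` (which the removed badge used), so it will render the wrong package's documentation status; this looks copied from a sibling repository. Suggest pointing both the badge image and its link at `github.com/bank-vaults/secret-sync`. The hunk also drops the CI workflow status and Go Report Card badges without a stated reason; if that is intentional, say so in the commit message, and note that the hard-coded `go version >=1.21` badge has to be kept in step with `go.mod` by hand. Narrowing the description to HashiCorp Vault only is consistent with the store table below marking the other backends as planned.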
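Review bot: the rewritten store table in the README.md hunk `@@ -21,23 +18,26 @@` is inconsistent in two ways: the status column italicises `_planned_` but not `alpha` (the removed table used `_alpha_`), and the `HashiCorp Vault` row now links to the vendor site while `Local Provider` still links to the in-repo `#secret-store` section. Readers use that column to find the matching spec, so suggest linking both supported rows to `#secret-store`, keeping vendor links only on the planned rows, and styling the status values uniformly. The `Kubernetes Secret` row links to the generic `https://kubernetes.io/` root rather than anything about secrets. Minor: `Provide safe and simple way to work with secrets` in the Goal list still lacks the article (`Provide a safe and simple way`).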
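Review bot: same grammar slip as in EXAMPLE.md: `from one secret storage systems to another` in the README.md hunk `@@ -47,8 +47,8 @@` should read `from one secret storage system to another`. This bullet list is duplicated verbatim between README.md and EXAMPLE.md, so the correction has to land in both files.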
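Review bot: number agreement in the README.md hunk `@@ -59,7 +59,7 @@`: `Secret Store defines the actual external secret storage systems that will be used for API requests` has one store defining several systems, while the unchanged next sentence says a secret store is either a source or a target, i.e. a single system. Suggest `A Secret Store defines the external secret storage system that will be used for API requests.`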
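Review bot: the rename to `Store Spec: Local Provider` in the README.md hunk `@@ -93,7 +93,7 @@` matches the new `Local Provider` table row, but EXAMPLE.md still uses the old name: its hunk `@@ -31,7 +31,7 @@` keeps the context heading `#### 2.1. Local store` and the phrase `_local secret store_`. Pick one term so the walkthrough and the spec section agree, since the walkthrough links readers straight to this section.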