@dantheman213
Created January 12, 2018 03:18
Easily get or set secrets to or from the Google Cloud to your local repo for Docker dev.
#!/bin/bash
# Description: Easily get or set secrets to or from the Google Cloud to your local repo for Docker dev.
# Dependencies: kubectl (logged in with permissions to access kubernetes), jq, base64
# Installation: To install, just move into /usr/local/bin/ and make sure it has execute permissions
set -e          # halt on errors
set -o pipefail # a failing kubectl/jq inside a pipeline also halts the script

# Set script vars
APP_ID=$3
SECRET_FILE="${APP_ID}-env-vars"
LOCAL_SECRET_FILE=secrets.env

# Functions
show_help() {
    printf "Usage: ./secrets_manager_kubernetes.sh <action get|set> <namespace production|staging|qa1|qa2|qa3> <kubernetes app name e.g mycoolapp>\n\n"
    exit 1 # only reached on argument errors, so report failure to the caller
}

# Script entrypoint w/ error and sanity checks
if [ $# -eq 0 ]; then
    printf "No arguments supplied\n"
    show_help
fi
if [ $# -ne 3 ]; then
    printf "Not enough or too many arguments supplied\n"
    show_help
fi
if [ "$2" != "production" ] && [ "$2" != "staging" ] && [ "$2" != "qa1" ] && [ "$2" != "qa2" ] && [ "$2" != "qa3" ]; then
    printf "Invalid namespace!\n\n"
    exit 1 # non-zero so callers can detect the rejected namespace
fi

# Let's start main execution
if [ "$1" == "get" ]; then
    printf "Getting Cloud Kubernetes Secrets From %s For Project %s...\n" "$2" "$3"
    # Get the secret from Kubernetes as JSON and keep only the .data members.
    JSON_PAYLOAD=$(kubectl get secrets "${SECRET_FILE}" --namespace="$2" -o=json | jq -r '.data')
    # Count the keys in .data directly instead of counting commas in the payload
    JSON_KEY_COUNT=$(printf '%s' "${JSON_PAYLOAD}" | jq 'length')
    printf "Loading %s values from cloud...\n" "${JSON_KEY_COUNT}"
    umask 077 # the file will hold decoded secrets in plaintext: create it owner-only
    echo "# Automatically generated from values on '$2' branch on Google Cloud Kubernetes" > "${LOCAL_SECRET_FILE}"
    chmod 600 "${LOCAL_SECRET_FILE}" # also tighten a pre-existing file
    for ((i = 0; i < JSON_KEY_COUNT; i++)); do
        # Find the i-th key name (jq -r prints it without surrounding quotes)
        JSON_KEY=$(printf '%s' "${JSON_PAYLOAD}" | jq -r "keys[${i}]")
        # Look the value up by key (works for keys containing '-' or '.') and decode it from base64.
        # --decode is accepted by both GNU and macOS base64 (-D is macOS-only).
        JSON_VALUE=$(printf '%s' "${JSON_PAYLOAD}" | jq -r --arg k "${JSON_KEY}" '.[$k]' | base64 --decode)
        printf "Retrieving %s ...\n" "${JSON_KEY}"
        echo "${JSON_KEY}=${JSON_VALUE}" >> "${LOCAL_SECRET_FILE}" # Append decoded key/value pairs into local secrets file
    done
elif [ "$1" == "set" ]; then
    printf "Before Setting Values First Delete Secrets File From Kubernetes Cloud...\n"
    set +e # ignore errors
    kubectl delete secret "${SECRET_FILE}" --namespace="$2"
    set -e # halt on errors
    sleep 5 # If secrets were deleted need to wait for server to update before proceeding
    printf "Setting Cloud Kubernetes Secrets To %s For Project %s...\n" "$2" "$3"
    KUBE_COMMAND_ARGS=() # array, so a value containing spaces stays a single argument
    # -r keeps backslashes in values; the || clause handles a last line without a trailing newline
    while read -r line || [ -n "$line" ]; do
        if [[ $line == *"="* ]]; then # find only lines that have an = in them
            KEY=${line%%=*}  # everything before the first '='
            VALUE=${line#*=} # remainder of line as the value, even if it includes the delimiter (=)
            KUBE_COMMAND_ARGS+=("--from-literal=${KEY}=${VALUE}")
        fi
    done < "${LOCAL_SECRET_FILE}"
    # Debug only: uncommenting this prints the secret values to the terminal
    #printf '%s\n' "kubectl create secret generic ${SECRET_FILE} ${KUBE_COMMAND_ARGS[*]} --namespace=$2"
    kubectl create secret generic "${SECRET_FILE}" "${KUBE_COMMAND_ARGS[@]}" --namespace="$2"
else
    printf "Invalid action!\n\n"
    show_help
fi
printf "Completed Successfully!\n\n"