bakito
April 12, 2023, 6:53pm
Q1. What is the problem that you are trying to solve?
External Secrets allows integrating secrets from various providers into Kubernetes secrets. With a passbolt integration I would be able to use secrets from passbolt in Kubernetes secrets.
Q2 - Who is impacted?
SRE / Kubernetes cluster maintainers that are using passbolt and want to have an easy way to automatically integrate secrets from passbolt into Kubernetes would profit from this integration.
Q3 - Why is it important and/or urgent?
Users would profit from an easy and automated integration of passbolt secrets into Kubernetes.
Q4 - What is your proposed solution? (optional)
passbolt would provide a provider integration in External Secrets Operator.
A solution is discussed also here: New provider integration for passbolt · Issue #2188 · external-secrets/external-secrets · GitHub
Q5. Community support
People can vote for this idea to show traction:
(I’m not allowed to create polls)
3 Likes
diego
April 13, 2023, 12:44pm
This is interesting, we’ll dig into it to define the scope to make a PR in the external secrets repo!
1 Like
For PassBolt developers: there is an abandoned alpha of "passbolt-secret-controller", GitHub - thegrumpylion/passbolt-secrets: Kebernetes secrets from Passbolt, last updated 3 years ago.
It does not have a Helm or OLM deployment, but can be of help.
Has there been any update on this? It would be a nice thing to have. I think the best way would be to implement a provider for passbolt in external-secrets.
diego
February 5, 2024, 9:56am
Hey @tuxillo ,
We really want to get this project going but unfortunately we don’t have the bandwidth right now, we’ll keep you posted as soon as we start working on it.
upvoting totally would like to see this feature.
diego
April 17, 2024, 2:40pm
Hello!
Thank you all for your interest in this feature. I’m sad to say that it is unlikely that this integration gets implemented this year as our bandwidth will be even more reduced as the year advances. However, I have bumped into this project that might be interesting to some of the community members: GitHub - urbanmedia/passbolt-operator: A Kubernetes Operator that allows you to synchronize your Passbolt credentials with Kubernetes Secrets
I added some basic support for ExternalSecrets.
external-secrets:main
← thorbenbelow:main
opened 02:51PM - 03 Apr 24 UTC
## Problem Statement
Add basic provider implementation for [Passbolt](https:/… /www.passbolt.com/).
## Related Issue
Fixes:
- https://github.com/external-secrets/external-secrets/issues/3074
- https://github.com/external-secrets/external-secrets/issues/2188
## Proposed Changes
Added support for following APIs:
- [x] SecretStore
- [x] ClusterSecretStore
- [x] ExternalSecret with `remoteRef.key`
- [x] ExternalSecret with `dataFrom.find.name.regexp`
### SecretStore and ClusterSecretStore
The passbolt provider requires auth in the form of a password and a private key as well as a hostname to connect to.
```yaml
provider:
  passbolt:
    host: https://passbolt.passbolt.svc.cluster.local
    auth:
      passwordSecretRef:
        key: password
        name: passbolt-credentials
      privateKeySecretRef:
        key: privateKey
        name: passbolt-credentials
```
### External Secret
By default secrets include `name`, `username`, `uri`, `password` and `description` and are in json format.
```
'{"name":"passbolt-secret","username":"some-username","password":"supersecretpassword","uri":"passbolt.com","description":"some description"}'
```
Using the `property` key this can be reduced to only display one single property.
The key for secrets synced with `dataFrom.find.name.regexp` is the respective Passbolt resource ID.
## Checklist
- [x] I have read the [contribution guidelines](https://external-secrets.io/latest/contributing/process/#submitting-a-pull-request)
- [x] All commits are signed with `git commit --signoff`
- [x] My changes have reasonable test coverage
- [x] All tests pass with `make test`
- [x] I ensured my PR is ready for review with `make reviewable`
2 Likes
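An ExternalSecret that would consume the provider described in the pull request above, shown as an added example that is not part of the original post or the PR. The API version, all object names, the regexp and the resource ID placeholder are assumptions, as is the use of the Passbolt resource ID as `remoteRef.key`.

```yaml
# Added example (not from the PR). Names and IDs below are placeholders.
apiVersion: external-secrets.io/v1beta1   # assumed API version
kind: ExternalSecret
metadata:
  name: passbolt-example                  # hypothetical name
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: passbolt                        # hypothetical store using the provider block above
  target:
    name: passbolt-example                # Kubernetes Secret that gets created
  data:
    # With `property`, only the password field lands in the Secret.
    - secretKey: db-password
      remoteRef:
        key: "<passbolt-resource-id>"     # placeholder, assumed to be the resource ID
        property: password
    # Without `property`, the value is the whole JSON document
    # (name, username, uri, password, description).
    - secretKey: full-entry
      remoteRef:
        key: "<passbolt-resource-id>"
  dataFrom:
    # Every resource whose name matches is synced; each resulting key
    # is the Passbolt resource ID, and each value is the full JSON.
    - find:
        name:
          regexp: "^example-.*"           # constructed pattern
```

Selecting a single `property` keeps the username, URI and description out of the Kubernetes Secret, so workloads that mount it see only the field they need.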
Wow @thorbenbelow great it is awesome
Thank you for this
Are you currently using it ?