Please note: We take security and users' trust seriously. If you believe you have found a security issue in Trousseau, please disclose it responsibly by following the security policy.
This is the home of Trousseau, an open-source project leveraging the Kubernetes KMS provider framework to connect with Key Management Services the Kubernetes-native way!
- Website: https://trousseau.io
- Announcement & Forum: GitHub Discussions
- Documentation: GitHub Wiki
- Hands-on lab: Tutorial
- Recording of the hands-on lab: DoK London Meetup
Kubernetes platform users are all facing the very same question: how to handle Secrets?
While there are significant efforts to improve the Kubernetes component layers, the state of Secret management is not receiving much interest. Kubernetes stores API object definitions and state in etcd, and Secrets are merely base64-encoded before being written into that key-value store. Even if the filesystem on which etcd runs is encrypted, the secrets themselves are still not.
Instead of leveraging the native Kubernetes way to manage secrets, commercial and open-source solutions work around this design flaw with different approaches, each relying on its own toolset or practices. This means training for and maintaining niche skills and tools, which increases the cost and complexity of running Kubernetes.
Once deployed, Trousseau enables seamless secret management through the native Kubernetes API and the kubectl CLI while leveraging an existing Key Management Service (KMS) provider.
How? By using the Kubernetes KMS provider framework to provide an envelope encryption scheme that encrypts secrets on the fly.
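To make the envelope scheme concrete, here is an added illustration (not Trousseau's code and not the Kubernetes KMS plugin API): the API server generates a fresh data encryption key (DEK) per Secret, encrypts the Secret with it locally, and sends only the DEK to the KMS to be wrapped by the key encryption key (KEK) that never leaves the KMS; etcd then stores the wrapped DEK beside the ciphertext. The KMS is simulated in-process by passing a KEK in directly, and all function and type names below are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// Envelope is what would land in etcd: the KMS-wrapped DEK and the secret ciphertext.
type Envelope struct{ WrappedDEK, Ciphertext []byte }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
// seal: nonce || AES-GCM ciphertext under key; open reverses it and fails on a
// truncated blob, a wrong key or any tampering.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("sealed blob too short")
}

// EnvelopeEncrypt mirrors the API-server side of the KMS provider flow: a fresh DEK
// encrypts the secret locally; only the DEK goes to the (stand-in) KMS to be wrapped by the KEK.
func EnvelopeEncrypt(kek, secret []byte) (Envelope, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil { return Envelope{}, err }
	ct, err := seal(dek, secret)
	if err != nil { return Envelope{}, err }
	wrapped, err := seal(kek, dek) // stands in for the remote KMS Encrypt call
	if err != nil { return Envelope{}, err }
	return Envelope{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// EnvelopeDecrypt unwraps the DEK (the KMS Decrypt call), then opens the secret.
func EnvelopeDecrypt(kek []byte, env Envelope) ([]byte, error) {
	dek, err := open(kek, env.WrappedDEK)
	if err != nil { return nil, err }
	return open(dek, env.Ciphertext)
}
```

Because the KEK stays in the KMS, a copy of etcd alone (or a disk image of its filesystem) yields only wrapped DEKs and ciphertext; reading a Secret back requires an authorised KMS call for each one.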
The name trousseau comes from the French language and is usually associated with keys, as in trousseau de clés, meaning keyring.
The following blog post provides an overview of a production use case for a Hong Kong based service provider leveraging SUSE, RKE2, HashiCorp Vault and Trousseau to secure workloads hosted for government agencies:
- https://www.ondat.io/news/trousseau-open-source-project-made-available-to-add-security-in-kubernetes
The roadmap items are described within user story 50.
Trousseau's roadmap milestone for v2 is tracked [here](https://github.com/ondat/trousseau/milestone/2) (project board: https://github.com/orgs/ondat/projects/1/views/4).
We love your input! We want to make contributing to this project as easy and transparent as possible. You can find the full guidelines here.
Please reach out for any questions or issues via one of the following channels:
- Raise an issue or PR
- Join us on Slack
- Follow us on Twitter @ondat_io
Trousseau is under the Apache 2.0 license. See LICENSE file for details.