privilegedescalation/headlamp-sealed-secrets-plugin
Archived
12
0
Fork 0
Code Issues 2 Pull Requests 2 Actions Packages Projects Releases 27 Wiki Activity
This repository has been archived on 2026-06-16. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
7443187c4fe145e6e28cbe2002322df865f68bcd
headlamp-sealed-secrets-plugin/README.md
T
Chris Farhood bdf19cd3bf docs: implement Phase 1 - documentation reorganization 
Reorganize and consolidate documentation into structured `/docs` directory
for better navigation and maintainability.

New documentation structure:
- docs/README.md - Documentation hub with complete index
- docs/getting-started/ - Installation and quick start guides
- docs/development/ - Workflow and testing guides
- docs/archive/ - Archived PHASE_*.md completion summaries

Key changes:
- Created docs/ directory with 9 subdirectories
- Moved HEADLAMP_INSTALLATION.md → docs/getting-started/installation.md (streamlined)
- Created docs/getting-started/quick-start.md (5-minute tutorial)
- Moved DEVELOPMENT.md → docs/development/workflow.md
- Moved TESTING_GUIDE.md → docs/development/testing.md
- Archived 12 PHASE_*.md files to docs/archive/
- Updated CHANGELOG.md with v0.2.0 details
- Created main README.md with badges and links to docs

Benefits:
- Clear documentation hierarchy by user journey
- Easier navigation with centralized docs/README.md index
- Reduced clutter in repository root
- Improved cross-referencing between documents
- Better onboarding for new users and contributors

Phase 1 deliverables (1-2 days estimated, completed):
 Organized docs/ directory structure
 Consolidated installation guides
 Streamlined development documentation
 Updated CHANGELOG to v0.2.0
 Archived phase completion files
 Created documentation hub
 Updated main README with navigation
 Fixed cross-references

Next: Phase 2 - API documentation with TypeDoc

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
2026-02-11 23:23:39 -05:00

160 lines
6.1 KiB
Markdown
Raw Blame History

# Headlamp Sealed Secrets Plugin
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![GitHub release](https://img.shields.io/github/v/release/cpfarhood/headlamp-sealed-secrets-plugin)](https://github.com/cpfarhood/headlamp-sealed-secrets-plugin/releases)
[![GitHub issues](https://img.shields.io/github/issues/cpfarhood/headlamp-sealed-secrets-plugin)](https://github.com/cpfarhood/headlamp-sealed-secrets-plugin/issues)
A comprehensive [Headlamp](https://headlamp.dev) plugin for managing [Bitnami Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) with client-side encryption, WCAG 2.1 AA accessibility, and production-ready features.
## ✨ Features
- 🔐 **Client-Side Encryption** - Encrypt secrets in browser using RSA-OAEP
- 📋 **Full CRUD Operations** - Create, list, view, and delete SealedSecrets
- 🔑 **Key Management** - View and download sealing certificates
-**Performance Optimized** - React optimizations, skeleton loading
-**Accessible** - WCAG 2.1 AA compliant
- 🛡️ **Type-Safe** - Full TypeScript with Result types and branded types
- 🔍 **RBAC-Aware** - Permission-based UI visibility
- 📊 **Health Monitoring** - Real-time controller status checks
- ⚠️ **Certificate Expiry Warnings** - 30-day advance notice
-**Well-Tested** - 92% test coverage (36/39 passing)
## 🚀 Quick Start
1. **Install the plugin**:
```bash
curl -LO https://github.com/cpfarhood/headlamp-sealed-secrets-plugin/releases/download/v0.2.0/headlamp-sealed-secrets-0.2.0.tar.gz
tar -xzf headlamp-sealed-secrets-0.2.0.tar.gz -C ~/Library/Application\ Support/Headlamp/plugins/
```
2. **Restart Headlamp**
3. **Create your first sealed secret** - See [Quick Start Guide](docs/getting-started/quick-start.md)
## 📚 Documentation
- **[Complete Documentation](docs/README.md)** - Full documentation index
- **[Installation Guide](docs/getting-started/installation.md)** - Detailed installation instructions
- **[Quick Start](docs/getting-started/quick-start.md)** - Get started in 5 minutes
- **[User Guide](docs/user-guide/)** - Feature documentation
- **[Tutorials](docs/tutorials/)** - Step-by-step workflows
- **[Development](docs/development/workflow.md)** - Contributing guide
- **[Troubleshooting](docs/troubleshooting/)** - Common issues and solutions
## 📋 Prerequisites
- **Headlamp** v0.13.0 or later
- **Sealed Secrets controller** in your cluster:
```bash
kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.24.0/controller.yaml
```
- **kubectl** access with appropriate RBAC permissions
## 🎯 Use Cases
- **GitOps-Friendly Secrets** - Store encrypted secrets safely in Git
- **Multi-Environment Secrets** - Manage secrets across dev/staging/prod
- **CI/CD Integration** - Automate secret creation in pipelines
- **Team Collaboration** - Share encrypted secrets securely
- **Certificate Management** - Monitor and rotate sealing keys
## 🏗️ Architecture
```
┌─────────────┐
│ Headlamp │
│ Browser │
└──────┬──────┘
├─ Client-Side Encryption (node-forge)
│ └─ RSA-OAEP + AES-256-GCM
├─ Headlamp Plugin
│ ├─ React Components (WCAG 2.1 AA)
│ ├─ Type-Safe API (Result types)
│ ├─ RBAC Integration
│ └─ Health Monitoring
┌──────────────────┐
│ Kubernetes API │
└─────────┬────────┘
┌──────────────────┐
│ Sealed Secrets │
│ Controller │
└──────────────────┘
```
## 🔒 Security
- **Client-Side Only** - Plaintext never leaves your browser
- **RSA-OAEP Encryption** - Industry-standard asymmetric encryption
- **Certificate Validation** - Automatic expiry detection
- **Input Validation** - Kubernetes-compliant name validation
- **RBAC Integration** - Permission checks before operations
See [Security Hardening Guide](docs/deployment/security-hardening.md) for production best practices.
## 📊 Technical Details
- **Bundle Size**: 359.73 kB (98.79 kB gzipped)
- **Test Coverage**: 92% (36/39 tests passing)
- **TypeScript**: 5.6.2 with strict mode
- **React**: Optimized with hooks and memoization
- **Build Time**: ~4 seconds
- **Code Lines**: 4,767 (TypeScript/React)
## 🤝 Contributing
We welcome contributions! See [Development Guide](docs/development/workflow.md) for:
- Setting up development environment
- Code style guidelines
- Testing requirements
- Pull request process
**Quick contribution checklist**:
- [ ] Fork and clone the repository
- [ ] Create a feature branch
- [ ] Make your changes with tests
- [ ] Run `npm run lint` and `npm test`
- [ ] Submit a pull request
## 📝 Changelog
See [CHANGELOG.md](CHANGELOG.md) for version history.
**Latest release (v0.2.0)**: Type-safe error handling, RBAC integration, accessibility improvements, and 92% test coverage.
## 🐛 Issues & Support
- **Bug Reports**: [GitHub Issues](https://github.com/cpfarhood/headlamp-sealed-secrets-plugin/issues)
- **Questions**: [GitHub Discussions](https://github.com/cpfarhood/headlamp-sealed-secrets-plugin/discussions)
- **Documentation**: [docs/](docs/README.md)
## 📄 License
Apache License 2.0 - see [LICENSE](headlamp-sealed-secrets/LICENSE) for details.
## 🙏 Credits
Built with:
- [Headlamp](https://headlamp.dev) - Kubernetes UI
- [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) - Encryption controller
- [node-forge](https://github.com/digitalbazaar/forge) - Cryptography library
## 🔗 Links
- **Headlamp Plugin**: [headlamp-sealed-secrets/](headlamp-sealed-secrets/)
- **Documentation**: [docs/](docs/README.md)
- **Releases**: [GitHub Releases](https://github.com/cpfarhood/headlamp-sealed-secrets-plugin/releases)
- **Issues**: [GitHub Issues](https://github.com/cpfarhood/headlamp-sealed-secrets-plugin/issues)
- **Artifact Hub**: (Coming soon)
- **NPM**: (Coming soon)
---
**Made with ❤️ for the Kubernetes community**
Reference in New Issue View Git Blame Copy Permalink