🚧 Currently in beta.
Sync secrets from a secrets manager into Komodo (Currently supports Bitwarden Secrets Manager)
Why? Komodo doesn't natively support fetching secrets from external secrets managers. If you manage your Docker Compose stacks in a GitOps workflow and want to automatically sync secrets from external secrets managers (like HashiCorp Vault, Bitwarden Secrets Manager, etc.) to Komodo, this tool is for you! (Alternatively, you can add secrets manually in the Komodo UI 😉)
- Continuously monitors and syncs secrets at configurable intervals
- Detects changes using hashing (SHA-256)
- Only syncs modified secrets, not everything
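
The change detection described in the list above can be sketched as follows. This is an added example, not code from komodo-secrets-sync; the function names `digest` and `changedSecrets`, the in-memory digest map, and the sample secrets are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// digest returns the hex SHA-256 of a secret value. Only this digest is
// kept between cycles, so the previous plaintext never has to be stored.
func digest(value string) string {
	sum := sha256.Sum256([]byte(value))
	return hex.EncodeToString(sum[:])
}

// changedSecrets (hypothetical helper) compares the secrets fetched in this
// cycle with the digests recorded in the previous one. It returns the names
// to push (new or modified), the names that disappeared upstream, and the
// digest map to keep for the next cycle.
func changedSecrets(prev, fetched map[string]string) (push, gone []string, next map[string]string) {
	next = make(map[string]string, len(fetched))
	for name, value := range fetched {
		d := digest(value)
		next[name] = d
		if old, ok := prev[name]; !ok || old != d {
			push = append(push, name)
		}
	}
	for name := range prev {
		if _, ok := fetched[name]; !ok {
			gone = append(gone, name)
		}
	}
	sort.Strings(push) // deterministic order for logs and tests
	sort.Strings(gone)
	return push, gone, next
}

func main() {
	// Constructed sample data for two reconcile cycles.
	first := map[string]string{"DB_PASSWORD": "s3cret-v1", "SMTP_TOKEN": "abc"}
	second := map[string]string{"DB_PASSWORD": "s3cret-v2", "SMTP_TOKEN": "abc", "API_KEY": "k1"}

	_, _, state := changedSecrets(nil, first)
	push, gone, _ := changedSecrets(state, second)
	// Log names only: values are secret, and the digest of a short,
	// guessable value can be brute-forced offline.
	fmt.Println("push:", push, "gone:", gone)
}
```
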
| Secret Manager | Status |
|---|---|
| Bitwarden Secrets Manager | ✅ Supported |
| HashiCorp Vault | 🚧 Planning |
```
Usage: komodo-secrets-sync --komodo-url=STRING --komodo-api-key=STRING --komodo-api-secret=STRING <command> [flags]

Sync secrets from a secrets manager into Komodo.

Flags:
  -h, --help                        Show context-sensitive help.
      --komodo-url=STRING           Komodo URL ($KOMODO_URL)
      --komodo-api-key=STRING       Komodo API key ($KOMODO_API_KEY)
      --komodo-api-secret=STRING    Komodo API secret ($KOMODO_API_SECRET)
      --reconcile-interval=5m       Reconcile interval ($RECONCILE_INTERVAL)
      --reconcile-timeout=1m        Reconcile timeout ($RECONCILE_TIMEOUT)
      --log-format="json"           Set the output format of the logs. Must be "console" or "json" ($LOG_FORMAT).
      --log-level=INFO              Set the log level. Must be "DEBUG", "INFO", "WARN" or "ERROR" ($LOG_LEVEL).
      --log-add-source              Whether to add source file and line number to log records ($LOG_ADD_SOURCE).
      --version                     Print version information and exit

Secret Managers
  bitwarden    Bitwarden Secrets Manager.

Run "komodo-secrets-sync <command> --help" for more information on a command.
```
- Log in to the Komodo UI as admin → Navigate to Settings
- Click on the Profile tab
- Click Create New to generate API keys
This tool currently supports Bitwarden Secrets Manager. Follow the setup guide to get your access tokens:
Export environment variables with your credentials:
```bash
# Komodo Configuration
export KOMODO_API_KEY=<your-komodo-api-key>
export KOMODO_API_SECRET=<your-komodo-api-secret>
export KOMODO_URL=<your-komodo-url>
# Bitwarden Secrets Manager Configuration
export BW_ACCESS_TOKEN=<your-access-token>
export BW_ORGANIZATION_ID=<your-org-id>
export BW_PROJECT_ID=<your-project-id>
```

```yaml
---
name: komodo-secrets-sync
services:
  komodo-secrets-sync:
    image: veerendra2/komodo-secrets-sync:latest
    container_name: komodo-secrets-sync
    environment:
      # Komodo Configuration
      KOMODO_API_KEY: ${KOMODO_API_KEY}
      KOMODO_API_SECRET: ${KOMODO_API_SECRET}
      KOMODO_URL: ${KOMODO_URL}
      # Bitwarden Secrets Manager Configuration
      BW_ACCESS_TOKEN: ${BW_ACCESS_TOKEN}
      BW_ORGANIZATION_ID: ${BW_ORGANIZATION_ID}
      BW_PROJECT_ID: ${BW_PROJECT_ID}
    command:
      - bitwarden
    restart: unless-stopped
    hostname: komodo-secrets-sync
```

- Using Taskfile
Install Taskfile: Installation Guide
```bash
# Available tasks
task --list
task: Available tasks for this project:
* all:             Run comprehensive checks: format, lint, security and test
* build:           Build the application binary for the current platform
* build-docker:    Build Docker image
* fmt:             Formats all Go source files
* install:         Install required tools and dependencies
* lint:            Run static analysis and code linting using golangci-lint
* run:             Runs the main application
* security:        Run security vulnerability scan
* test:            Runs all tests in the project (aliases: tests)
* vet:             Examines Go source code and reports suspicious constructs
```

- Build with goreleaser
Install GoReleaser: Installation Guide
```bash
# Build locally
goreleaser release --snapshot --clean
...
```
