How to Get Started with Kamus: Your Guide to Secrets Management in Kubernetes

May 15, 2024 | Programming

If you’ve been searching for a way to securely manage secrets in your Kubernetes applications, look no further than Kamus. Kamus is an open-source, GitOps, zero-trust solution designed to encrypt and decrypt secrets easily. Here’s how to get started with Kamus, protecting your applications while keeping your secrets safe!

What is Kamus?

Kamus enables users to encrypt secrets, allowing those secrets to be decrypted only by the application running on Kubernetes. To achieve this, Kamus employs robust encryption providers such as Azure KeyVault, Google Cloud KMS, and AES.

Getting Started with Kamus

The simplest way to run Kamus is by using the Helm chart. Follow these easy steps to get started:

  • Add the Soluto Helm repository:
      helm repo add soluto https://charts.soluto.io
  • Install Kamus using Helm:
      helm upgrade --install kamus soluto/kamus

For more details, refer to the installation guide.

Encrypting Your Secrets

Once you have installed Kamus, it’s time to encrypt your secrets. Kamus encrypts secrets for a specific application represented by a Kubernetes Service Account. Here’s how:

  • Create a service account for your application and mount it in the pods.
  • With the service account name and namespace identified, install the Kamus CLI with the following command:
      npm install -g @soluto-asurion/kamus-cli
  • Use the Kamus CLI to encrypt your secret:
      kamus-cli encrypt --secret super-secret --service-account kamus-example-sa --namespace default --kamus-url 

    If you’re running Kamus locally, your Kamus URL will typically be in the form of http://localhost:port. In this case, you need to add the flag --allow-insecure-url to enable the HTTP protocol.

Using Kamus for Decryption

After encryption, you need to pass the returned value to your pod and use the Kamus Decrypt API to decrypt it. You can achieve this using either the init container or directly from your application code.
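
The direct-from-application path described above, as an added example that is not Kamus's own code or its example app: it posts the encrypted value to the Decrypt API and authenticates with the pod's mounted service account token. The decryptor URL, the /api/v1/decrypt path, the {"data": ...} request body, the bearer-token header and the plain-text response are assumptions to check against your deployment.

```python
import json
import urllib.error
import urllib.request

# Assumed, not from the page: decryptor service URL, path and JSON body shape.
DECRYPT_URL = "http://kamus-decryptor.default.svc.cluster.local/api/v1/decrypt"
# Path where Kubernetes mounts the pod's service account token.
TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"

# Ignore http_proxy/https_proxy so the bearer token only goes to the decryptor.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class KamusDecryptError(Exception):
    """The decryptor rejected the request or could not be reached."""


def build_request(encrypted, url=DECRYPT_URL, token_path=TOKEN_PATH):
    """Build the authenticated POST that asks Kamus to decrypt one value."""
    # Read the token on every call: the kubelet rotates projected tokens.
    with open(token_path, encoding="utf-8") as fh:
        token = fh.read().strip()
    if not token:
        raise KamusDecryptError("service account token file is empty")
    body = json.dumps({"data": encrypted}).encode("utf-8")
    headers = {"Authorization": "Bearer " + token,
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def decrypt(encrypted, url=DECRYPT_URL, token_path=TOKEN_PATH, timeout=5):
    """Return the plaintext (assumed to be the raw response body)."""
    req = build_request(encrypted, url, token_path)
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as exc:
        # Surface only the status code; keep token and ciphertext out of logs.
        raise KamusDecryptError("decryptor returned HTTP %d" % exc.code) from None
    except urllib.error.URLError as exc:
        raise KamusDecryptError("decryptor unreachable: %s" % exc.reason) from None
```

A rejected request raises KamusDecryptError carrying only the HTTP status, so a pod running under the wrong service account fails loudly without writing the token or ciphertext to its logs.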

To see how this all works in action, check out a working example app that you can deploy to any Kubernetes cluster with Kamus installed.

Kamus Architecture

The architecture of Kamus consists of three primary components:

  • Encrypt API: Handles encryption requests.
  • Decrypt API: Handles decryption requests.
  • Key Management System (KMS): Acts as a wrapper for cryptographic solutions. It currently supports:
    • AES: Uses one key for all secrets
    • AWS KMS, Azure KeyVault, Google Cloud KMS: Creates one key per service account.

Troubleshooting Tips

If you run into any issues or have questions during the setup or usage of Kamus, here are some troubleshooting tips:

  • Ensure your service account is properly configured and mounted in the pods.
  • Check the Kamus URL for accuracy, especially if you’re using a local setup.
  • Consult the installation guide for best practices and solutions to common problems.
  • If necessary, reach out to us on the Kamus Slack for further assistance.

