voch is a minimal sh script that works around kubectl tool, that is:

• Fast: one login and you are ready to go,
• Simple: based on lightweight commands such as curl and yq,
• Secure: voch downloads k8s configuration from bitwarden using cli and removes it afterwards,
• Configurable: all clusters are defined in a yaml file similar to other tools,
• Supported: voch supports any vanilla clusters
• Easy: quick to install – start using it in minutes.
• Interoperable: support for Mac and Linux operating systems

Authentication can be achieved through:

• Bitwarden: the bitwarden client by looking at user and password in a strongbox entry.

• sh, used to execute the script
• yq, used to manage yaml configuration (tested with v4.33.0)
• kubectl, used to perform login and logout operation once received the token.
• bw (bitwarden-cli, optional), used to request credentials
• jq (optional), used to parse credentials json

• starship, used to know the current kubectl context
• kubectx, to change between kubectl context
• kubens, to change the current namespace
• fzf , to properly select the kubernetes context and namespace

This script downloads and install the voch script in the bin directory of the user. You can also install system-wide.

curl -o voch https://raw.githubusercontent.com/faan11/voch/0.1.0/voch
mv voch $HOME/.local/bin/
chmod +x $HOME/.local/bin/voch

You can get the help command by simply typing

voch

The following command defines a cluster configuration.

voch define <profile-name> --context "$K8SContextName" --secrethandler "bitwarden" --secretname="$TheBitwardenSecretName"

Once the configuration is defined, the user can perform authentication by using the profile name.

Voch downloads the kubeconfig from Bitwarden and save it in the system. The command psh saves this kubeconfig in a temporary file. After that it opens a new shell with that kubeconfig, no one can access this skubeconfig. Once it is closed, the kubeconfig file will be removed from the system. A private shell can be created with the following command:

voch psh <context-name> 

The command login save this kubeconfig in $HOME/.kube/config.

voch login <context-name> 

The command logout removes the current kubeconfig. voch logout performs the logout operation.

voch logout

voch supports only bash and zsh shell autocompletion. The autocompletion is limited to the login command. It is used to filter voch profiles.

eval "$(voch completion zsh)" # inside your .zshrc file
eval "$(voch completion bash)" # inside your .bashrc file

Feel free to open an issue in the repo and proposes new ideas.

• Fabio Pagnotta fabiopagnotta.92@gmail.com