A Go HTTPS server that serves a web console UI for managing Kubernetes secrets with OIDC authentication and role-based access control. The built UI is embedded into the Go binary for single-binary deployment.
make certs # Generate TLS certificates (one-time)
make run # Build and start the serverOpen https://localhost:8443/ui in your browser. make run enables the embedded Dex OIDC provider (--enable-insecure-dex) which auto-logs in for local development.
| Document | Description |
|---|---|
| CONTRIBUTING.md | Development setup, build commands, testing, and commit message format |
| AGENTS.md | Agent and CI guidance for working with this codebase |
| docs/authentication.md | OIDC PKCE authentication with embedded Dex or external provider |
| docs/rbac.md | Project-level grants, per-secret sharing grants, and permission model |
| docs/secrets.md | Secret data model, UI workflows, and consuming secrets in pods |
| docs/dev-server.md | Two-server development setup (Go backend + Vite dev server) |
| docs/hostname-configuration.md | Hostname and port configuration, reverse proxy setup |
| docs/observability.md | Structured logging, audit events, and Datadog integration |
| docs/rpc-service-definitions.md | Protobuf and ConnectRPC code generation, adding new RPCs |
| docs/adrs/ | Architecture Decision Records |
| docs/research/ | Technical research and analysis documents |