keys.gpg is an encrypted file with key-value pairs like this:
# TEST_KEY is "foobar" (base64-encoded)
TEST_KEY="Zm9vYmFy"
values are base64-encoded
Usage in kustomization.yaml:
secretGenerator:
- name: foobar
commands:
somekey: '${GETPW} TEST_KEY'
Running kustomize:
GETPW="${PWD}/scripts/getpw.sh" kustomize build