Select Supported Platforms

Select Supported Architectures

Select Tier

Github Name

v0.0.5 · public · Published over 3 years ago

Asset Definition
Release Notes
Release Assets

Sensu Bonsai Asset
Go Test


Table of Contents


The secret-to-handler is not a typical Sensu Check it was created to automate creating sensu configurations from a Kubernetes Secret.

Usage examples

Reads a K8S secret and publish a handler in sensu

  secret-to-handler [flags]
  secret-to-handler [command]

Available Commands:
  help        Help about any command
  version     Print the version number of this plugin

  -F, --add-extra-filter string        Add extra filters to all handlers created by this command. e. fatigue_check,work_hours
  -B, --api-backend-host string        Sensu Go Backend API Host (e.g. '') (default "")
  -k, --api-backend-key string         Sensu Go Backend API Key
  -P, --api-backend-pass string        Sensu Go Backend API Password (default "P@ssw0rd!")
  -p, --api-backend-port int           Sensu Go Backend API Port (e.g. 4242) (default 8080)
  -u, --api-backend-user string        Sensu Go Backend API User (default "admin")
  -c, --config string                  Json template for Sensu Check
  -D, --disabled-label string          Query for disabled label (e.g. sync=disabled)
  -e, --external                       Connect to cluster externally (using kubeconfig)
  -f, --handler-key-file-path string   Handler Key file path to be used instead paste key into handler command
  -h, --help                           help for secret-to-handler
  -i, --insecure-skip-verify           skip TLS certificate verification (not recommended!)
  -C, --kubeconfig string              Path to the kubeconfig file (default $HOME/.kube/config)
  -l, --label-selectors string         Query for labelSelectors (e.g. release=stable,environment=qa)
  -m, --main-handler string            Main handler of type set to add all new handlers (default "all-alerts")
  -N, --namespace string               Namespace to which to limit this check
  -R, --reserved-names string          Reserved Names already in use for Sensu that cannot be used anymore (list splited by comma , )
  -s, --secure                         Use TLS connection to API
  -n, --sensu-namespace string         Namespace to which to limit this check
  -t, --trusted-ca-file string         TLS CA certificate bundle in PEM format

Use "secret-to-handler [command] --help" for more information about a command.


Asset registration

Sensu Assets are the best way to make use of this plugin. If you're not using an asset, please
consider doing so! If you're using sensuctl 5.13 with Sensu Backend 5.13 or later, you can use the
following command to add the asset:

sensuctl asset add betorvs/secret-to-handler

If you're using an earlier version of sensuctl, you can find the asset on the [Bonsai Asset Index][].

Check definition

type: CheckConfig
api_version: core/v2
  name: secret-to-handler
  namespace: default
  command: secret-to-handler -e -l 'alert_route=1' -n development -c "$(cat config.json)"
  - secretwatcher
  - betorvs/secret-to-handler

Installation from source

The preferred way of installing and deploying this plugin is to use it as an Asset. If you would
like to compile and install the plugin from source or contribute to it, download the latest version
or create an executable script from this source.

From the local path of the secret-to-handler repository:

go build

Additional notes

sensu user and roles

Create a user in Sensu Backend to be used by secret-to-handler:

type: User
api_version: core/v2
  name: secret-to-handler
  disabled: false
  username: secret-to-handler
  password_hash: $blablabla
type: ClusterRole
api_version: core/v2
  name: secret-to-handler-role
  - resource_names: []
    - filters
    - handlers
    - mutators
    - get
    - list
    - create
    - update
    - delete
type: ClusterRoleBinding
api_version: core/v2
  name: secret-to-handler-role-binding
    name: secret-to-handler-role
    type: ClusterRole
  - name: secret-to-handler
    type: User

secret example

Use disabled: "true" to clean up all filters, mutators and handlers from Sensu.

apiVersion: v1
kind: Secret
  name: alert-route-example
  namespace: default
    alert_route: "1"
type: Opaque
  name: ops
  contacts: ops
  keys: |
    opsgenie: "api-key-long"
    chat: "long-webhook"
  disabled: "false"

For this work, we should have assets for opsgenie and hangouts chat and asset for secret-to-handler.


For more information about contributing to this plugin, see Contributing.

Are you sure you want to report this asset?

Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.


You must be signed in to report this asset.

Sign In with Github



Either download the source code:

Download Source

Or download the asset definition: