Like aws-vault is a helper for AWS related CLI tools, k8s-vault is a helper for CLI tools using KUBECONFIG. Unlike aws-vault, "vault" is used as a verb, synonymous to leap, jump, spring, etc..
About two years ago, I've made a script described in Using SSH + Port-Forwarding for K8s CLI tools post.
That CLI script serves as wrapper to other CLI tools using
KUBECONFIG. It establishes an SSH Forwarding session via SSH jumphost, while generating temporary
KUBECONFIG with server endpoint modified to use the TCP port of the forwarding session.
While the script worked well in my experience, it had to be fixed when newer version of yq introduced incompatible changes. And then again.. The whole dependency on specific version of helper tools is rather annoying..
It works pretty much the same way, with a slight change in
k8s-vault.yaml config format.
The repository's releases page includes statically compiled binary for Linux (x64), as well as dynamic one for macOS.