#Sealed Secrets
Encrypt secrets for Kubernetes GitOps.
#Overview
Sealed Secrets encrypts K8s secrets so they can be stored in Git.
#Installation
bash
1# Install kubeseal CLI
2brew install kubeseal
3
4# Install controller
5kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.24.0/controller.yaml#Usage
bash
1# Create regular secret
2kubectl create secret generic myapp-secret \
3 --from-literal=password=supersecret \
4 --dry-run=client -o yaml > secret.yaml
5
6# Seal it
7kubeseal < secret.yaml > sealedsecret.yaml
8
9# Apply sealed secret
10kubectl apply -f sealedsecret.yaml
11
12# Controller decrypts to real secret
13kubectl get secret myapp-secret#SealedSecret Resource
yaml
1apiVersion: bitnami.com/v1alpha1
2kind: SealedSecret
3metadata:
4 name: myapp-secret
5spec:
6 encryptedData:
7 password: AgA...encrypted...==#Workflow
Secret → kubeseal → SealedSecret → Git → Apply → Controller → Secret
[!TIP] Pro Tip: Perfect for GitOps workflows with ArgoCD/FluxCD!