Kubernetes and Sealed Secrets (Kubernetes)

PROBLEM: I would like to share my secrets to git
SOLUTION: Use Sealed Secrets

(Installing kubeseal)

Kubeseal is the CLI tool for managing sealed secrets. If you are using macOS, you should use brew:

On (Ubuntu-based) Linux you should be fine using:

Creating a secret

There are different ways to create a secret; I use either direct input (--from-literal) or a direct YAML definition. I will show both.
Let's assume I am deploying an application that will be connected to my GitLab, so I need to share a secret key (gitlab_secret). The original secret should look like this (please note I prefer YAML over JSON):

The value of gitlab_secret is the plaintext encoded in BASE64 (AB123456 -> QUIxMjM0NTY=). We can also create the secret directly with a command:

This will output the secret into our shell.

Sealing the secret

Now we can create a sealed secret from the YAML we created using this command (please note both < and >):

or we can extend the command from the example above:

sealed-my-secret.yaml is the file with the sealed secret we wanted. This file can be securely uploaded to a (public) git repo.
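
A check to run before committing, as an added example that is not part of the original post: it blocks any manifest that still contains a plain Secret, whose BASE64 values decode straight back to plaintext, and passes only a SealedSecret. The manifests are constructed samples; the name my-secret, the ciphertext string and the function names are assumptions made for illustration.

```shell
# Added example with hypothetical helper names, not code from the original post.
# Count YAML documents in file $1 whose top-level kind is exactly "Secret".
count_plain_secrets() {
    awk '/^kind:[ \t]*Secret[ \t]*$/ { n++ } END { print n + 0 }' "$1"
}

# Print key=plaintext for each entry under a top-level "data:" block in $1.
decode_data_values() {
    awk '/^data:[ \t]*$/ { in_data = 1; next }
         /^[^ \t#]/      { in_data = 0 }
         in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }' "$1" |
    while read -r key value; do
        printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
    done
}

# Succeed only if $1 has no plain Secret and at least one SealedSecret.
safe_to_commit() {
    [ "$(count_plain_secrets "$1")" -eq 0 ] &&
        grep -Eq '^kind:[[:space:]]*SealedSecret[[:space:]]*$' "$1"
}

# Constructed samples: "my-secret" and the ciphertext are placeholders.
write_samples() {
    cat > "$1/my-secret.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  gitlab_secret: QUIxMjM0NTY=
EOF
    cat > "$1/sealed-my-secret.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: my-secret
spec:
  encryptedData:
    gitlab_secret: AgB-constructed-placeholder-not-real-ciphertext
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for f in "$demo_dir"/*.yaml; do
    if safe_to_commit "$f"; then echo "OK    ${f##*/}"
    else echo "BLOCK ${f##*/}: $(decode_data_values "$f")"; fi
done
rm -rf "$demo_dir"
```

Wired into a git pre-commit hook, the same functions would be called on each staged YAML file, so the intermediate my-secret.yaml never reaches the repository.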

The file could look like this:
