Sealed Secrets
Regular Kubernetes Secrets, encrypted with the key of the Sealed Secrets controller running in the cluster.
Install kubeseal | client
Bash
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.24.5/kubeseal-0.24.5-linux-amd64.tar.gz
Bash
tar -xvzf kubeseal-0.24.5-linux-amd64.tar.gz kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal
Install kubeseal controller
- Helm
Bash
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
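# Refresh the local chart index after adding the repo
# ("helm dependency update" expects a local chart directory, not a repo name)
helm repo update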
helm install sealed-secrets sealed-secrets/sealed-secrets --namespace kube-system --version 2.7.4
- Kubectl
Bash
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.24.5/controller.yaml
kubectl apply -f controller.yaml
Usage
- Regular secret (do not apply):
YAML
apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  name: test-secret
  namespace: default
data:
  password: Tk9QQVNTV0QK # base64 of "NOPASSWD" plus a trailing newline
  username: SWFtUm9vdAo= # base64 of "IamRoot" plus a trailing newline
- Fetch key
- Seal a secret
- Apply
YAML
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: test-secret
  namespace: default
spec:
  encryptedData:
    password: <ciphertext produced by kubeseal>
    username: <ciphertext produced by kubeseal>
  template:
    metadata:
      creationTimestamp: null
      name: test-secret
      namespace: default
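The three steps above (fetch key, seal, apply) as one script. This is an added example, not part of the original page; the file names and the `CONTROLLER_NAME`, `CONTROLLER_NS` and `CERT` variables are assumptions.

```shell
#!/bin/sh
# Added example: fetch key -> seal -> apply, for the test-secret manifest above.
set -eu

# Assumptions (not from the page): the file names, and the controller name.
# The Helm release installed above is named "sealed-secrets"; for the
# controller.yaml install use kubeseal's default, "sealed-secrets-controller".
CONTROLLER_NAME="${CONTROLLER_NAME:-sealed-secrets}"
CONTROLLER_NS="${CONTROLLER_NS:-kube-system}"
CERT="${CERT:-pub-cert.pem}"

# Fetch key: download the controller's public certificate. The private key
# never leaves the cluster, so this file is safe to hand to whoever seals.
fetch_cert() {
  kubeseal --fetch-cert \
    --controller-name "$CONTROLLER_NAME" \
    --controller-namespace "$CONTROLLER_NS" > "$CERT"
}

# Seal a secret: encrypt the regular Secret ($1) into a SealedSecret ($2).
# This runs offline against $CERT. With the default (strict) scope the
# ciphertext is bound to metadata.name and metadata.namespace.
seal_secret() {
  kubeseal --cert "$CERT" --format yaml < "$1" > "$2" || return 1
  # Fail closed if the output is not a SealedSecret (e.g. empty output).
  if ! grep -q '^kind: SealedSecret' "$2"; then
    rm -f "$2"
    return 1
  fi
}

# Apply: confirm the controller can decrypt the object, then create it.
# Only the SealedSecret is applied; the controller creates the Secret from it.
apply_sealed() {
  kubeseal --validate \
    --controller-name "$CONTROLLER_NAME" \
    --controller-namespace "$CONTROLLER_NS" < "$1" || return 1
  kubectl apply -f "$1"
}

# Usage: ./seal.sh secret.yaml sealed-secret.yaml
if [ "$#" -eq 2 ]; then
  fetch_cert
  seal_secret "$1" "$2"
  apply_sealed "$2"
fi
```

Commit only the SealedSecret output; the regular Secret file is the one marked "do not apply" above.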