kubeseal

Client-side utility for encrypting Kubernetes secrets using the Bitnami Sealed Secrets controller. Creates SealedSecret resources that can be safely stored in version control. Requires a controller running in the cluster (e.g., installed via kubectl apply -f controller.yaml). More information: https://github.com/bitnami-labs/sealed-secrets.

kubeseal < {{secret.yaml}} > {{sealedsecret.json}}

kubeseal {{[-o|--format]}} {{yaml|json}} --token {{my-bearer-token}} < {{secret.yaml}} > {{sealedsecret.yaml}}

kubeseal --controller-namespace {{controller-namespace}} --controller-name {{controller-name}} < {{secret.yaml}} > {{sealedsecret.yaml}}

kubeseal --raw --from-file {{path/to/secret.txt}} --name {{my-secret}} --scope {{strict|namespace-wide|cluster-wide}} > {{sealedsecret.yaml}}

kubeseal --fetch-cert --username {{username}} --password {{password}} > {{cert.pem}}

kubeseal --cert {{cert.pem}} < {{secret.yaml}} > {{sealedsecret.yaml}}

kubeseal --merge-into {{sealedsecret.yaml}} < {{secret.yaml}}

kubeseal --validate < {{sealedsecret.yaml}}