Introduction⚓︎
This article explains Sealed Secrets, an open-source tool for securely managing sensitive data in Kubernetes and Terraform environments.
Introduction⚓︎
Sealed Secrets is an open-source tool by Bitnami for managing sensitive data securely in Kubernetes and other environments like Terraform. Instead of storing raw secrets in your Git repository, you encrypt them into “sealed” Secrets, which only the target cluster can decrypt.
In this lesson, we will:
- Define Sealed Secrets and its primary use cases
- Explore core components and workflow
- Demonstrate a hands-on example to seal and unseal secrets
Note
You will need access to a running Kubernetes cluster and the kubeseal CLI installed locally.
What You’ll Learn⚓︎
| Topic | Description |
|---|---|
| Core Concepts | Overview of Sealed Secrets architecture and components |
| Workflow Overview | Encrypting, committing, and decrypting secrets |
| Demo | Creating a Kubernetes Secret, sealing it, and applying it to a cluster |
| Integration with IaC | Using Sealed Secrets in Terraform and GitOps pipelines |
Core Components Overview⚓︎
Sealed Secrets relies on three main components:
- SealedSecret custom resource for encrypted data
- Controller that runs in-cluster to decrypt SealedSecrets into native Kubernetes Secrets
- kubeseal CLI for encrypting Secret manifests outside the cluster