Sealed Secrets
Definition
Sealed Secrets is a Kubernetes controller and tool that allows users to encrypt secrets into a SealedSecret resource, which can be safely stored in version control. The controller is responsible for decrypting these SealedSecrets into regular Kubernetes Secrets at runtime. This approach ensures that sensitive information is encrypted and protected while still enabling GitOps workflows.
Secure Settings Example
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: my-sealed-secret
  namespace: default
spec:
  encryptedData:
    my-secret-key: AgB+3V1b... # encrypted data
In this example, the SealedSecret is created with encrypted data, ensuring that sensitive information is not exposed in plaintext within the configuration files.
Insecure Settings Example
apiVersion: v1
kind: Secret
metadata:
  name: my-insecure-secret
  namespace: default
data:
  my-secret-key: c2VjcmV0VmFsdWU= # base64 encoded plaintext
This example shows a Kubernetes Secret with base64 encoded data, which is not encrypted and can be easily decoded, exposing sensitive information if stored in version control.
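The check below is an added example, not part of the original page or of the Sealed Secrets project. It is a sketch of a pre-commit or CI gate that flags plain Secret manifests and shows that their data decodes directly, while SealedSecret manifests pass. The function name find_plain_secrets is hypothetical, and the line-based matching assumes simple block-style manifests like the two above rather than arbitrary YAML.

```python
import base64
import re

# Constructed sample: the two manifests from this page as one multi-document file.
SAMPLE = """\
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: my-sealed-secret
  namespace: default
spec:
  encryptedData:
    my-secret-key: AgB+3V1b...
---
apiVersion: v1
kind: Secret
metadata:
  name: my-insecure-secret
  namespace: default
data:
  my-secret-key: c2VjcmV0VmFsdWU= # base64 encoded plaintext
"""

def find_plain_secrets(text):
    """Return (name, key, decoded_value) for each data entry of a kind: Secret document."""
    findings = []
    for doc in re.split(r"(?m)^---[ \t]*$", text):
        # Only plain Secrets are flagged; SealedSecret documents are skipped.
        if not re.search(r"(?m)^kind:[ \t]*Secret[ \t]*$", doc):
            continue
        name = re.search(r"(?m)^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:[ \t]*(\S+)", doc)
        block = re.search(r"(?m)^data:[ \t]*\n((?:[ \t]+.*\n?)+)", doc)
        if not block:
            continue
        entries = re.findall(r"(?m)^[ \t]+([\w.-]+):[ \t]*([A-Za-z0-9+/=]+)", block.group(1))
        for key, value in entries:
            try:
                # base64 is an encoding, not encryption: no key is needed to reverse it.
                decoded = base64.b64decode(value, validate=True).decode("utf-8", "replace")
            except ValueError:
                decoded = "<not valid base64>"
            findings.append((name.group(1) if name else "<unnamed>", key, decoded))
    return findings

if __name__ == "__main__":
    # Report only the length so the gate's own log does not leak the value.
    for name, key, decoded in find_plain_secrets(SAMPLE):
        print(f"plain Secret {name!r}: key {key!r} decodes to {len(decoded)} characters")
```

In a real pipeline the gate would read the staged manifest files instead of SAMPLE and exit non-zero when the returned list is not empty.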