Sealed secrets - backup, recovery, miscellaneous

#kubernetes #addon #secret

Recovering public key used by the controller

❯ kubeseal \
      --controller-name=ss-app-sealed-secrets \
      --controller-namespace=sealed-secrets \
      --fetch-cert > publickey.pem

Recovering the private key

❯ kubectl get secrets acme-keys -n sealed-secrets -o json | jq ".data | map_values(@base64d)"
{
  "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIE3DCCAsQCCQCgdNszn/dUUTANBgkqhkiG9w0BAQsFADAwMRYwFA...\n-----END CERTIFICATE-----\n",
  "tls.key": "-----BEGIN PRIVATE KEY-----\nMIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDAFYgUZStmW6Zo\n...\n-----END PRIVATE KEY-----\n"
}

Re-encrypting sealed-secret files when keys change (rotated)

❯ kubeseal --controller-name=ss-app-sealed-secrets --controller-namespace=sealed-secrets --re-encrypt -o yaml < ss.yaml  > new-ss.yaml

Useful annotations

sealedsecrets.bitnami.com/managed: "true" to make a kubernetes secret be managed by Bitnami SS controller
sealedsecrets.bitnami.com/namespace-wide: "true" to make the scope to namespace-wide
sealedsecrets.bitnami.com/cluster-wide: "true" to make the scope to cluster-wide

FAQ

https://github.com/bitnami-labs/sealed-secrets#faq

DEV Community

Sealed secrets - backup, recovery, miscellaneous

Recovering public key used by the controller

Recovering the private key

Re-encrypting sealed-secret files when keys change (rotated)

Useful annotations

FAQ

Top comments (0)

Read next

Kubernetes Pod Cheatsheet

🚀 Automating Image Vulnerability Patching in Kubernetes with Trivy Operator, Copacetic, and GitHub Actions

20 reasons (and a tutorial!) to deploy OpenProject with Kubernetes via Helm

How to Set Up Minio Object Storage on Linux with Systemd