Bitnami Sealed Secrets is a Kubernetes controller and tool for one-way encrypted Secrets.
You will need kubectl and kubeseal
Get the latest version from their releases then for linux:
curl -sSL https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.1/kubeseal-0.19.1-linux-amd64.tar.gz | tar -xz
sudo install -o root -g root -m 0755 kubeseal /usr/local/bin/kubesealCreate a kubernetes secret:
echo -n pass123 | kubectl create secret generic app-secret --dry-run=client --from-file=foo=/dev/stdin -o yaml > app-secret.yamlEncrypt the secret:
kubeseal --controller-name=sealed-secrets --controller-namespace=kube-system --format yaml < app-secret.yaml > app-sealedsecret.yamlCreate the sealed secret:
kubectl create -f app-sealedsecret.yamlTo backup the master key:
kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > sealedsecret-master.keyTo restore the master key:
kubectl apply -f sealedsecret-master.key
kubectl delete pod -n kube-system -l name=sealed-secrets-controller