Sealed Secrets
A Kubernetes controller and tool for encrypting Secrets into SealedSecrets that can be safely stored in Git.
What is Sealed Secrets?
Sealed Secrets is a Kubernetes-native solution for managing sensitive configuration data like passwords and API keys in a GitOps workflow. It encrypts standard Kubernetes Secrets into SealedSecret custom resources that can be safely stored in version control. The SealedSecret can only be decrypted by a controller running inside the target Kubernetes cluster, preventing exposure of plaintext secrets.
Kubernetes administrators and DevOps engineers who practice GitOps and need a secure way to manage secrets within their configuration repositories. Teams deploying to multiple clusters or requiring audit trails for secret changes will find it particularly valuable.
Developers choose Sealed Secrets because it seamlessly integrates with existing Kubernetes tooling and Git workflows, providing strong encryption without complex external key management. Its client-side tool (`kubeseal`) is simple to use, and the controller automatically handles key renewal, reducing operational overhead compared to manual secret management.
Overview
A Kubernetes controller and tool for one-way encrypted Secrets
Use Cases
Best For
- Managing database credentials and API keys in Git-based Kubernetes deployments
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.