Kubeseal: Difference between revisions
Jump to navigation
Jump to search
(→Server) |
|||
(One intermediate revision by the same user not shown) | |||
Line 7: | Line 7: | ||
<code>kubeseal</code> encrypts a secret into a sealed secret, which is safe to store - even to a public repository. The sealed secret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original secret from the sealed secret. | <code>kubeseal</code> encrypts a secret into a sealed secret, which is safe to store - even to a public repository. The sealed secret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original secret from the sealed secret. | ||
=Installation= | =Installation= | ||
==Server== | |||
<font color=darkkhaki>NOT TESTED</font> | |||
<syntaxhighlight lang='bash'> | |||
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets | |||
helm install -n kube-system sealed-secrets sealed-secrets/sealed-secrets | |||
</syntaxhighlight> | |||
==Client== | |||
<syntaxhighlight lang='bash'> | <syntaxhighlight lang='bash'> | ||
brew install kubeseal | brew install kubeseal | ||
</syntaxhighlight> | </syntaxhighlight> |
Latest revision as of 01:57, 22 February 2022
External
Internal
Overview
kubeseal
encrypts a secret into a sealed secret, which is safe to store - even to a public repository. The sealed secret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original secret from the sealed secret.
Installation
Server
NOT TESTED
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
helm install -n kube-system sealed-secrets sealed-secrets/sealed-secrets
Client
brew install kubeseal