Safely encrypt your Kubernetes Secrets using the Sealed Secrets Operator. This guide walks you through installing the operator via Helm, fetching its public key, and sealing a Secret.
- Helm 3.x installed
- kubectl configured with access to your target cluster
- Cluster-admin privileges (or equivalent)
1. Add the Sealed-Secrets Helm Repository
Register the Bitnami Sealed Secrets chart and update your local repo cache:
2. Install the Sealed-Secrets Chart
Choose between installing into the default namespace or a custom namespace.

| Installation Scope | Helm Command |
|---|---|
| Default Namespace | helm install my-release sealed-secrets/sealed-secrets |
| Custom Namespace (e.g. kube-system) | helm install my-release sealed-secrets/sealed-secrets -n kube-system |

3. Verify the Operator Pod
Confirm that the Sealed Secrets controller is running:

| Namespace | Command |
|---|---|
| Default | kubectl get pods |
| Custom (e.g. kube-system) | kubectl get pods -n kube-system |

my-release-sealed-secrets-controller-<id> in Running status.
4. Fetch the Controller’s Public Key
Download the operator’s certificate to seal Secrets locally. Replace <release-name> and <namespace> as needed:
If you installed into the default namespace, omit --controller-namespace or set it to default.
5. Create and Seal a Secret
- Generate a Kubernetes Secret manifest (client-side dry run):
- Seal the Secret using the fetched certificate:
- Apply the SealedSecret to your cluster:
6. Confirm Deployment
Ensure the Sealed Secrets Operator is still running after sealing:

| Namespace | Command |
|---|---|
| Default | kubectl get pods |
| Custom (e.g. kube-system) | kubectl get pods -n kube-system |
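
Steps 1 to 5 gathered into one script, as an added example that is not code from the original page. It adds a check that refuses to apply anything that is not a SealedSecret. The controller service name, the `SECRET_NS` namespace, the secret name `mysecret`, `password.txt`, the output file names and the `is_sealed` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed names: the CONTROLLER
# service name, SECRET_NS, "mysecret", password.txt and the output file names.
RELEASE="${RELEASE:-my-release}"
NAMESPACE="${NAMESPACE:-kube-system}"            # controller namespace
SECRET_NS="${SECRET_NS:-default}"                # namespace the Secret lives in
# Assumption: confirm the real name with `kubectl get svc -n "$NAMESPACE"`.
CONTROLLER="${CONTROLLER:-$RELEASE-sealed-secrets}"

# Hypothetical guard: succeed only if FILE is a SealedSecret with ciphertext
# and no top-level data:/stringData: (the plaintext fields of a plain Secret).
is_sealed() {
    grep -Eq '^kind:[[:space:]]*SealedSecret[[:space:]]*$' "$1" || return 1
    grep -Eq '^[[:space:]]+encryptedData:' "$1" || return 1
    if grep -Eq '^(data|stringData):' "$1"; then return 1; fi
    return 0
}

install_controller() {                           # steps 1-3
    helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets &&
    helm repo update &&
    helm install "$RELEASE" sealed-secrets/sealed-secrets -n "$NAMESPACE" --wait &&
    kubectl get pods -n "$NAMESPACE"
}

seal_and_apply() {                               # steps 4-5
    kubeseal --fetch-cert --controller-name "$CONTROLLER" \
        --controller-namespace "$NAMESPACE" > pub-cert.pem || return 1
    # Client-side dry run: the plaintext manifest is only written locally.
    # --from-file keeps the value out of shell history and process listings.
    ( umask 077
      kubectl create secret generic mysecret -n "$SECRET_NS" --dry-run=client \
          --from-file=password=./password.txt -o yaml > secret.yaml ) || return 1
    kubeseal --cert pub-cert.pem --format yaml < secret.yaml > sealedsecret.yaml
    status=$?
    rm -f secret.yaml                            # drop the plaintext copy
    [ "$status" -eq 0 ] || return 1
    is_sealed sealedsecret.yaml || { echo "not sealed, refusing to apply" >&2; return 1; }
    kubectl apply -f sealedsecret.yaml
}

# Nothing touches the cluster unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    install_controller && seal_and_apply
fi
```

By default kubeseal binds the ciphertext to the Secret's name and namespace, so `sealedsecret.yaml` only decrypts as `mysecret` in `SECRET_NS`.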