Safely encrypt your Kubernetes Secrets using the Sealed Secrets controller. This guide walks you through installing the controller via Helm, fetching its public certificate, and sealing a Secret. The resulting SealedSecret can be committed to Git: only the controller, which holds the private key inside the cluster, can decrypt it back into a regular Secret.
Prerequisites
Helm 3.x installed
kubectl configured with access to your target cluster
The kubeseal CLI installed (ideally the same version as the controller you deploy)
Cluster-admin privileges (or equivalent), since the chart installs a CustomResourceDefinition and cluster-scoped RBAC
1. Add the Sealed-Secrets Helm Repository
Register the Bitnami Sealed Secrets chart and update your local repo cache:
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
helm repo update
2. Install the Sealed-Secrets Chart
Choose between installing into the default namespace or a custom namespace. Whichever you pick, the controller stores its private sealing keys as Secrets in that namespace, so anyone who can read Secrets there can decrypt every SealedSecret in the cluster; restrict RBAC on that namespace accordingly. The release name (my-release here) also determines the controller's Deployment and Service names, which you will need in step 4.
Installation Scope                   Helm Command
Default Namespace                    helm install my-release sealed-secrets/sealed-secrets
Custom Namespace (e.g. kube-system)  helm install my-release sealed-secrets/sealed-secrets -n kube-system
3. Verify the Operator Pod
Confirm that the Sealed Secrets controller is running:
Namespace                    Command
Default                      kubectl get pods
Custom (e.g. kube-system)    kubectl get pods -n kube-system
You should see a pod named after the release, e.g. my-release-sealed-secrets-controller-<id>, in Running status. Note the part of the name before the pod hash: the chart derives the controller's Deployment and Service names from the release name, and the Service name is what kubeseal needs in the next step.
4. Fetch the Controller’s Public Key
Download the controller's certificate, which kubeseal uses to encrypt Secrets locally. kubeseal reaches the controller through the API server proxy with your kubeconfig credentials, so --controller-name must match the controller's Service name and --controller-namespace the namespace it runs in. Replace them as needed; if kubeseal reports that it cannot find the service, list the Services in the controller's namespace (kubectl get svc -n kube-system) and use the sealed-secrets Service name shown there:
kubeseal \
--controller-name=my-release-sealed-secrets-controller \
--controller-namespace=kube-system \
--fetch-cert \
> mycert.pem
If you installed into the default namespace, omit --controller-namespace or set it to default.
The certificate contains only the public key and is safe to share or commit; the private key never leaves the cluster. The controller generates a new key pair periodically (every 30 days by default) and keeps the old ones for decryption, so re-fetch the certificate from time to time so that new Secrets are sealed to the current key.
5. Create and Seal a Secret
Generate a Kubernetes Secret manifest with a client-side dry run, which contacts no cluster and only writes the file locally. Note that secret.yaml holds the value base64-encoded, not encrypted: keep it out of version control and delete it once it has been sealed.
kubectl create secret generic secret-name \
--from-literal=foo=bar \
--dry-run=client \
-o yaml \
> secret.yaml
Seal the Secret using the fetched certificate. By default kubeseal uses strict scope, binding the ciphertext to the Secret's name and namespace (taken from your current kubectl context if the manifest has none), so the controller refuses to unseal it under any other name or namespace; pass --scope namespace-wide or --scope cluster-wide only when you deliberately want to relax that binding:
kubeseal \
--format yaml \
--cert mycert.pem \
< secret.yaml \
> mysealedsecret.yaml
Apply the SealedSecret to your cluster:
kubectl apply -f mysealedsecret.yaml
6. Confirm Deployment
Check that the controller has unsealed the SealedSecret into a regular Secret named secret-name in the target namespace. The SealedSecret carries a Synced condition in its status; a scope mismatch or a certificate fetched from another cluster shows up there as Synced=False with a message, and in the controller logs. Also confirm the controller itself is still running:
Namespace                    Command
Default                      kubectl get pods
Custom (e.g. kube-system)    kubectl get pods -n kube-system
Once both checks pass, your Sealed Secrets controller is ready to encrypt and manage Kubernetes Secrets securely, and mysealedsecret.yaml can be committed alongside the rest of your manifests.
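The six steps above, gathered into one script as an added example; this is not code from the Sealed Secrets project. It assumes the guide's layout: the controller installed by Helm release my-release into kube-system and carrying the chart's app.kubernetes.io/name=sealed-secrets label, the Secret secret-name created in the default namespace, and kubectl, kubeseal and a working kubeconfig available when SEAL_RUN is set. The offline helpers (manifest_kind, cert_looks_valid, sealed_is_clean) are the checks a reviewer wants before a file lands in Git and need no cluster; the sealing step pipes the dry-run manifest straight into kubeseal so the plaintext never touches disk.

```shell
#!/bin/sh
# Added example, not part of the Sealed Secrets project. Assumes the guide's setup:
# Helm release "my-release" in kube-system, Secret "secret-name" in "default".
# Live steps (kubectl/kubeseal) run only when SEAL_RUN is set; the check helpers run offline.
set -eu

# First top-level "kind:" of a YAML manifest (offline).
manifest_kind() {
  sed -n 's/^kind:[[:space:]]*//p' "$1" | head -n 1
}

# A fetched cert must be PEM public material; anything else (an error page, an empty
# file) means --controller-name/--controller-namespace pointed at the wrong thing (offline).
cert_looks_valid() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" && grep -q -- '-----END CERTIFICATE-----' "$1"
}

# Safe to commit only if the manifest is a SealedSecret and carries no top-level
# data:/stringData: block, i.e. it is not the plaintext Secret by mistake (offline).
sealed_is_clean() {
  [ "$(manifest_kind "$1")" = "SealedSecret" ] || return 1
  if grep -qE '^(data|stringData):' "$1"; then
    return 1
  fi
  return 0
}

# kubeseal's --controller-name must equal the controller's Service name; the chart derives
# it from the release name, so discover it by label instead of guessing. The label is an
# assumption: the chart's default app.kubernetes.io/name=sealed-secrets.
controller_service() {
  kubectl get svc -n "$1" -l app.kubernetes.io/name=sealed-secrets \
    -o jsonpath='{.items[0].metadata.name}'
}

# Step 4: fetch the public certificate via the API server proxy and sanity-check it.
fetch_cert() {
  ns=$1; ctrl=$2; out=$3
  kubeseal --controller-name="$ctrl" --controller-namespace="$ns" --fetch-cert > "$out"
  cert_looks_valid "$out"
}

# Step 5: client-side dry run piped straight into kubeseal, so the plaintext never hits disk.
# Strict scope binds the ciphertext to this name and namespace.
seal_literal() {
  cert=$1; ns=$2; name=$3; key=$4; value=$5; out=$6
  kubectl create secret generic "$name" -n "$ns" --from-literal="$key=$value" \
      --dry-run=client -o yaml \
    | kubeseal --cert "$cert" --format yaml --scope strict > "$out"
  sealed_is_clean "$out"
}

# Step 6: wait for the Synced condition, then confirm the unsealed Secret carries the key.
verify_unsealed() {
  ns=$1; name=$2; key=$3; i=0
  until [ "$(kubectl get "sealedsecret/$name" -n "$ns" \
        -o jsonpath='{.status.conditions[?(@.type=="Synced")].status}')" = "True" ]; do
    i=$((i + 1))
    [ "$i" -lt 30 ] || { echo "SealedSecret $name not synced; check controller logs" >&2; return 1; }
    sleep 2
  done
  kubectl get secret "$name" -n "$ns" -o jsonpath="{.data.$key}" | grep -q .
}

main() {
  ctrl_ns=${CONTROLLER_NAMESPACE:-kube-system}
  ctrl=$(controller_service "$ctrl_ns")
  [ -n "$ctrl" ] || { echo "no sealed-secrets Service found in $ctrl_ns" >&2; return 1; }
  fetch_cert "$ctrl_ns" "$ctrl" mycert.pem
  seal_literal mycert.pem default secret-name foo bar mysealedsecret.yaml
  kubectl apply -f mysealedsecret.yaml
  verify_unsealed default secret-name foo
  echo "mysealedsecret.yaml is safe to commit (mycert.pem is public material and may be committed too)"
}

# Defining the functions has no side effects; the live steps need an explicit opt-in.
if [ -n "${SEAL_RUN:-}" ]; then
  main
fi
```

Run the live flow with SEAL_RUN=1 sh seal.sh against a cluster where the guide's Helm install has completed. Without SEAL_RUN the file only defines functions, so it can be sourced from a pre-commit hook to run sealed_is_clean over every manifest under a secrets directory and block a plaintext Secret from ever being committed.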