Secrets

How to add sealed secrets

We use bitnami-labs/sealed-secrets (https://github.com/bitnami-labs/sealed-secrets) to store secrets in git.

$ dev-cli ssh kubectl
# OR
$ ssh zcdn@kubectl1.smartweb.io

# THIS IS FOR PRODUCTION

# Generate the YAML
# Replace [secret-name], [unsealed-secret-file-name] and [sealed-secret-file-name]
# ('>' overwrites the target file; '>>' would append to an existing file and produce invalid YAML)

$ kubectl -n production create secret generic --dry-run=client -o yaml [secret-name] --from-literal=testKey=testValue --from-literal=testKey2=testValue2 > [unsealed-secret-file-name].yaml

# Sealing
$ kubeseal --controller-namespace internal-system --controller-name sealed-secrets -o yaml < [unsealed-secret-file-name].yaml > [sealed-secret-file-name].yaml

# THIS IS FOR STAGING

# Generate the YAML
# Replace [secret-name], [unsealed-secret-file-name] and [sealed-secret-file-name]
# ('>' overwrites the target file; '>>' would append to an existing file and produce invalid YAML)

$ kubectl --context kube2clu3-dk2-virtualdatacenter-nu -n production create secret generic --dry-run=client -o yaml [secret-name] --from-literal=testKey=testValue --from-literal=testKey2=testValue2 > [unsealed-secret-file-name].yaml

# Sealing
$ kubeseal --context kube2clu3-dk2-virtualdatacenter-nu --controller-namespace internal-system --controller-name sealed-secrets -o yaml < [unsealed-secret-file-name].yaml > [sealed-secret-file-name].yaml

###

Now take the sealed file and commit it to git. This will create a secret named [secret-name] in the production namespace. Commit only the sealed file: the unsealed file holds the secret values merely base64-encoded, not encrypted.
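
A guard for the commit step above, as an added example that is not part of the original page or of the sealed-secrets project: it flags any manifest that still carries a top-level `kind: Secret`, including a file where sealed output ended up next to the unsealed document. The function names and the use as a pre-commit hook are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page.

# Exit status 0 if the manifest (file argument, or stdin when omitted) has a
# top-level "kind: Secret" document, i.e. kubectl output that was never sealed.
contains_plain_secret() {
  awk -F: '
    /^kind:/ {
      v = $2
      gsub(/[ \t\r"]/, "", v)      # strip spaces, CR and optional quotes
      if (v == "Secret") found = 1 # "SealedSecret" does not match
    }
    END { exit (found ? 0 : 1) }
  ' "${1:--}"
}

# Hypothetical pre-commit entry point: inspects the staged content (not the
# working tree) of every added or modified YAML file, lists the ones holding
# a plain Secret and returns non-zero if any was found.
check_staged_manifests() {
  bad=$(git diff --cached --name-only --diff-filter=ACM -- '*.yaml' '*.yml' |
    while IFS= read -r f; do
      if git show ":$f" | contains_plain_secret; then
        printf '%s\n' "$f"
      fi
    done)
  [ -z "$bad" ] && return 0
  printf 'unsealed Secret staged, run kubeseal first:\n%s\n' "$bad" >&2
  return 1
}
```

To use it as a hook, source this file from `.git/hooks/pre-commit` and end the hook with `check_staged_manifests`.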