Ashok Nagaraj

Sealed secrets - backup, recovery, miscellaneous

Recovering public key used by the controller
❯ kubeseal \
      --controller-name=ss-app-sealed-secrets \
      --controller-namespace=sealed-secrets \
      --fetch-cert > publickey.pem
Recovering the private key
❯ kubectl get secrets acme-keys -n sealed-secrets -o json | jq ".data | map_values(@base64d)"
{
  "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIE3DCCAsQCCQCgdNszn/dUUTANBgkqhkiG9w0BAQsFADAwMRYwFA...\n-----END CERTIFICATE-----\n",
  "tls.key": "-----BEGIN PRIVATE KEY-----\nMIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDAFYgUZStmW6Zo\n...\n-----END PRIVATE KEY-----\n"
}
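Before relying on a recovered key for disaster recovery, it is worth confirming that it belongs to the certificate fetched with `--fetch-cert`. The script below is an added example, not part of the original post; it assumes `openssl` is installed and that the `tls.key` value has been saved to a file (the function names and file names are hypothetical).

```shell
#!/usr/bin/env bash
# Added example: verify that a backed-up private key belongs to the certificate
# returned by `kubeseal --fetch-cert`. File and function names are assumptions.

# SHA-256 of the DER-encoded public key, read as PEM on stdin.
spki_digest() {
  openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Digest of the public key embedded in a PEM certificate.
cert_digest() {
  local pub
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pub" | spki_digest
}

# Digest of the public key derived from a PEM private key.
key_digest() {
  local pub
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pub" | spki_digest
}

# 0 = key matches certificate, 1 = mismatch, 2 = a file could not be parsed.
key_matches_cert() {
  local cert_fp key_fp
  cert_fp=$(cert_digest "$1") || return 2
  key_fp=$(key_digest "$2") || return 2
  [ "$cert_fp" = "$key_fp" ]
}

# Constructed throwaway pair for trying the check without a cluster.
make_constructed_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed" \
    -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null
}

# Direct use: ./check-backup.sh publickey.pem tls.key
if [ "$#" -eq 2 ]; then
  rc=0
  key_matches_cert "$1" "$2" || rc=$?
  case $rc in
    0) echo "OK: private key matches certificate" ;;
    1) echo "MISMATCH: key does not belong to this certificate" >&2; exit 1 ;;
    *) echo "ERROR: could not parse certificate or key" >&2; exit 2 ;;
  esac
fi
```

A mismatch can also mean the backup holds an older key than the one the controller currently serves, since `--fetch-cert` returns only the active certificate.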
Re-encrypting sealed-secret files when keys change (rotated)
❯ kubeseal --controller-name=ss-app-sealed-secrets --controller-namespace=sealed-secrets --re-encrypt -o yaml < ss.yaml  > new-ss.yaml
Useful annotations
  • sealedsecrets.bitnami.com/managed: "true" marks a Kubernetes Secret as managed by the Bitnami Sealed Secrets controller
  • sealedsecrets.bitnami.com/namespace-wide: "true" sets the scope to namespace-wide
  • sealedsecrets.bitnami.com/cluster-wide: "true" sets the scope to cluster-wide
FAQ
