DEV Community

Ashok Nagaraj

Sealed secrets - backup, recovery, miscellaneous

Recovering the public key used by the controller
❯ kubeseal \
      --controller-name=ss-app-sealed-secrets \
      --controller-namespace=sealed-secrets \
      --fetch-cert > publickey.pem
Recovering the private key
❯ kubectl get secrets acme-keys -n sealed-secrets -o json | jq ".data | map_values(@base64d)"
{
  "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIE3DCCAsQCCQCgdNszn/dUUTANBgkqhkiG9w0BAQsFADAwMRYwFA...\n-----END CERTIFICATE-----\n",
  "tls.key": "-----BEGIN PRIVATE KEY-----\nMIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDAFYgUZStmW6Zo\n...\n-----END PRIVATE KEY-----\n"
}
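
The jq command above prints the private key to the terminal. As an added example (not code from the original post or from the Sealed Secrets project), this Python helper takes the same Secret as `-o json` output, writes `tls.crt` and `tls.key` to owner-only files, and returns the certificate's SHA-256 fingerprint so it can be compared with `publickey.pem` from `kubeseal --fetch-cert`. The function names and the sample Secret are constructed for illustration, and the comparison assumes `acme-keys` holds the controller's currently active sealing key.

```python
import base64, hashlib, json, os, re, tempfile

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)-----END \1-----", re.S)

def pem_sha256(pem_text, label="CERTIFICATE"):
    """SHA-256 over the DER bytes of the first PEM block carrying `label`."""
    for found, body in PEM_RE.findall(pem_text):
        if found == label:
            der = base64.b64decode("".join(body.split()), validate=True)
            return hashlib.sha256(der).hexdigest()
    raise ValueError(f"no {label} block found")

def backup_sealing_key(secret_json, out_dir):
    """Write tls.crt and tls.key from a Secret (kubectl -o json) to owner-only
    files and return the certificate fingerprint; the key is never printed."""
    data = json.loads(secret_json)["data"]
    pems = {k: base64.b64decode(data[k]).decode() for k in ("tls.crt", "tls.key")}
    fingerprint = pem_sha256(pems["tls.crt"])  # raises if the cert is malformed
    if "PRIVATE KEY-----" not in pems["tls.key"]:
        raise ValueError("tls.key does not hold a PEM private key")
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    for name, text in pems.items():
        # O_EXCL refuses to overwrite an earlier backup; 0o600 keeps it owner-only.
        fd = os.open(os.path.join(out_dir, name),
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
    return fingerprint

def constructed_secret():
    """Constructed sample shaped like `kubectl get secrets acme-keys -o json`.
    The PEM bodies are placeholder bytes, not real key material."""
    def pem(label, raw):
        body = base64.b64encode(raw).decode()
        return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
    crt = pem("CERTIFICATE", b"constructed cert bytes")
    key = pem("PRIVATE KEY", b"constructed key bytes")
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return json.dumps({"data": {"tls.crt": enc(crt), "tls.key": enc(key)}}), crt

if __name__ == "__main__":
    # Real use: secret_json = output of the kubectl command above (without jq),
    # fetched_cert = contents of publickey.pem from `kubeseal --fetch-cert`.
    secret_json, fetched_cert = constructed_secret()
    with tempfile.TemporaryDirectory() as tmp:
        fp = backup_sealing_key(secret_json, os.path.join(tmp, "backup"))
        print("backup matches controller cert:", fp == pem_sha256(fetched_cert))
```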
Re-encrypting sealed-secret files when keys change (are rotated)
❯ kubeseal --controller-name=ss-app-sealed-secrets --controller-namespace=sealed-secrets --re-encrypt -o yaml < ss.yaml  > new-ss.yaml
Useful annotations
  • sealedsecrets.bitnami.com/managed: "true" makes a Kubernetes Secret managed by the Bitnami Sealed Secrets controller
  • sealedsecrets.bitnami.com/namespace-wide: "true" sets the scope to namespace-wide
  • sealedsecrets.bitnami.com/cluster-wide: "true" sets the scope to cluster-wide
FAQ
