davidfrickert/onechart
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cluster wide sealed secrets are the default. RBAC should protect secrets

Browse Source
This commit is contained in:
Laszlo Fogas
2020-12-01 12:38:38 +01:00
parent 898316874e
commit 8e52597ae4
7 changed files with 52 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
website/docs/examples/secrets.md
+13 -6
View File
@@ -42,12 +42,19 @@ sealedSecrets:
secret2: ewogICJjcmVk...
```
Where you have to generate the encrypted values with [Sealed Secrets "raw" workflow](https://github.com/bitnami-labs/sealed-secrets#raw-mode-experimental):
Where you have to generate the encrypted values
- either one-by-one with [Sealed Secrets "raw" workflow](https://github.com/bitnami-labs/sealed-secrets#raw-mode-experimental):
```bash
echo -n my-secret-value | kubeseal \
--raw \
--from-file=/dev/stdin \
--namespace bar \
--name my-release
echo -n my-secret-value | kubeseal --raw --scope cluster-wide --from-file=/dev/stdin
```
- or with the [Gimlet CLI](https://github.com/gimlet-io/gimlet-cli):
```
# Fetch the keys first
kubeseal --fetch-cert > sealing-key.pub
# Seal all secrets in one go
gimlet seal -p sealedSecrets -k sealingKey.pub -f values.yaml -o sealed-valeus.yaml
```