Unlocking Kubernetes Secrets with Bitnami’s Sealed Secrets

December 16, 2023

Unlocking Kubernetes Secrets with Bitnami’s Sealed Secrets: A Comprehensive Guide

As a DevOps enthusiast navigating the dynamic landscape of Kubernetes, managing sensitive data such as API keys, user credentials, and database passwords is a critical task. That’s where Sealed Secrets by Bitnami comes into play, offering a magic wand to secure Kubernetes secrets.

What Are Sealed Secrets?

Sealed Secrets is a tool that encrypts a Kubernetes Secret into a custom resource called a SealedSecret, which is safe to store even in a public repository because only the controller running in your cluster holds the private key needed to decrypt it. This not only simplifies secret management but also enhances security.

The Process: Simple Yet Secure

The process of using Sealed Secrets is straightforward. You convert your sensitive information into an encrypted blob using the Sealed Secrets tool; the result can then be safely stored and version-controlled like any other code. It’s about bringing transparency and reviewability to something that was previously opaque and sensitive.

Integrating with Kubernetes

Sealed Secrets relies on a controller that runs inside your Kubernetes cluster. Once a SealedSecret is applied to the cluster, the controller decrypts it and creates a standard Kubernetes Secret. This integration ensures a smooth and secure workflow for handling secrets.

How to Install and Run Sealed Secrets in a Local Cluster

Prerequisites

  • A local Kubernetes cluster (like Minikube or Docker Desktop).
  • kubectl installed and configured.
  • Helm, the Kubernetes package manager.

Step 1: Install the Sealed Secrets Controller

Use Helm to install the Sealed Secrets controller in your Kubernetes cluster:

helm repo add bitnami https://charts.bitnami.com/bitnami
helm install sealed-secrets-controller bitnami/sealed-secrets

Step 2: Install kubeseal CLI

kubeseal is a CLI tool for sealing secrets. Install it on your local machine:

  • macOS:
    brew install kubeseal
    
  • Linux:
    # Replace <version> with a release number, without the leading "v"
    wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v<version>/kubeseal-<version>-linux-amd64.tar.gz
    tar -xzf kubeseal-<version>-linux-amd64.tar.gz kubeseal
    sudo install -m 755 kubeseal /usr/local/bin/kubeseal
    

Step 3: Create and Seal a Secret

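Create a Kubernetes Secret manifest locally and seal it:

# Create the Secret manifest without sending it to the cluster.
# kubectl base64-encodes the value itself, so the file holds the raw secret.
echo -n "s3cr3t" > secret.txt
kubectl create secret generic mysecret --from-file=secret.txt --dry-run=client -o yaml > secret.yaml

# Seal the secret. kubeseal looks for the controller in kube-system by default;
# Step 1 installed it into the current namespace (default here).
kubeseal --controller-name sealed-secrets-controller --controller-namespace default --format yaml < secret.yaml > mysealedsecret.yaml

# Remove the plaintext files; only mysealedsecret.yaml belongs in version control
rm secret.txt secret.yaml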

Step 4: Deploy the Sealed Secret

Apply the sealed secret to your cluster:

kubectl apply -f mysealedsecret.yaml

Step 5: Verify

Check that the controller has created the Secret:

kubectl get secrets
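
Step 3 works with two files: secret.yaml, whose value is only base64-encoded, and mysealedsecret.yaml, the one meant for version control. The script below is an added example, not part of the original post or of the Sealed Secrets project: a check for a pre-commit hook or CI job that reports any manifest whose top-level kind is still Secret. The function names and the sample manifests are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report manifests that still hold
# a plain Secret (base64 only) instead of a SealedSecret.

# Print "file:N" for each YAML document N whose top-level kind is Secret.
# Only "kind:" keys in column 0 count, so indented keys are ignored.
find_plain_secrets() {
  local f
  for f in "$@"; do
    awk -v file="$f" '
      BEGIN { doc = 1 }
      /^---[ \t]*$/ { if (seen) doc++; seen = 0; next }
      /^[^# \t]/ { seen = 1 }
      /^kind:[ \t]*"?Secret"?[ \t]*(#.*)?$/ { print file ":" doc }
    ' "$f"
  done
}

# Return 1 and list the offenders on stderr if any plain Secret is present.
check_manifests() {
  local hits
  hits=$(find_plain_secrets "$@")
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits" | sed 's/^/plain Secret: /' >&2
    return 1
  fi
}

# Constructed sample manifests; the encryptedData value is a placeholder.
write_samples() {
  local dir=$1
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' '  name: mysecret' \
    'data:' '  secret.txt: czNjcjN0' > "$dir/secret.yaml"
  printf '%s\n' 'apiVersion: bitnami.com/v1alpha1' 'kind: SealedSecret' \
    'metadata:' '  name: mysecret' 'spec:' '  encryptedData:' \
    '    secret.txt: PLACEHOLDER_CIPHERTEXT' > "$dir/mysealedsecret.yaml"
  printf '%s\n' '---' 'apiVersion: v1' 'kind: ConfigMap' 'metadata:' \
    '  name: app' '---' 'apiVersion: v1' 'kind: Secret' 'metadata:' \
    '  name: db' > "$dir/bundle.yaml"
}

demo() {
  local dir; dir=$(mktemp -d)
  write_samples "$dir"
  check_manifests "$dir/mysealedsecret.yaml" && echo "sealed manifest: ok"
  check_manifests "$dir"/*.yaml || echo "commit blocked"
  rm -rf "$dir"
}
demo
```

In a pre-commit hook, pass the staged YAML files to check_manifests; its non-zero status stops the commit.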

Conclusion

Sealed Secrets by Bitnami is more than just a security tool; it’s a transformative approach to managing the sensitive aspects of your digital infrastructure. For teams working with Kubernetes, Sealed Secrets offers a streamlined, transparent, and secure way to handle critical data. Embrace this tool to ensure your Kubernetes secrets are not just protected but also seamlessly integrated into your DevOps workflows.
