Skip to content

Sealed Secrets

karina.yml

sealedSecrets:
  version: "v0.10.0"
  certificate:
    cert: .certs/sealed-secrets.crt
    privateKey: .certs/sealed-secrets.key
    password: foobar

Deploy using:

karina deploy sealed-secrets -c karina.yml

Certificate generation

If certificate is not provided, sealed secrets controller will automatically generate one and will store it in a secret named sealed-secret-keys in the sealed-secrets namespace.

You can override this settings and provide your own certificate for encrypting secrets.

karina ca generate --name sealed-secrets \
--cert-path .certs/sealed-secrets.crt \
--private-key-path .certs/sealed-secrets-key.key \
--password foobar \
--expiry 1