Bitnami Sealed Secrets
A Kubernetes controller and tool for one-way encrypted Secrets.
Overview
Sealed Secrets is a Kubernetes controller plus a client-side CLI, kubeseal. kubeseal encrypts a standard Kubernetes Secret into a SealedSecret custom resource using the controller's public key, fetched from the running controller with `kubeseal --fetch-cert` or supplied offline as a PEM certificate. The SealedSecret is safe to commit to Git because the matching private key exists only inside the cluster: the controller is the only entity that can decrypt it back into a regular Secret. Internally each value is encrypted with a fresh AES-256-GCM session key, and that session key is encrypted with RSA-OAEP to the controller's key pair; by default (the "strict" scope) the ciphertext is also bound to the Secret's namespace and name, so a sealed value cannot simply be copied into a differently named Secret. The controller renews its key pair periodically (every 30 days by default) and retains old keys so that existing SealedSecrets keep decrypting.
✨ Key Features
- "One-way" (asymmetric) encryption: anyone with the public certificate can seal, only the in-cluster controller can unseal
- Secrets are tied to a specific cluster's key pair, and by default to a specific namespace and name
- Enables storing secrets in Git for GitOps
- Kubernetes-native (uses a controller and CRDs)
- Open source
🎯 Key Differentiators
- Kubernetes-native design
- Simplicity of the one-way encryption model: no external KMS or vault to run, only a public certificate to distribute
- Secrets are tightly coupled to the target cluster: a SealedSecret leaked from Git is useless without the private key held inside that cluster
Unique Value: Provides a simple and secure Kubernetes-native way to store secrets in Git, by ensuring that they can only be decrypted by the intended cluster.
🎯 Use Cases (3)
✅ Best For
- GitOps delivery of secrets: a developer creates a standard Secret manifest, encrypts it with `kubeseal` and the controller's public certificate, and commits only the resulting `SealedSecret` to Git. Argo CD (or Flux) applies that manifest, and the in-cluster controller decrypts it into a usable Secret in the same namespace and with the same name.
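The workflow above, as an added example script that is not part of the Sealed Secrets project and not the page's own code. It assumes the controller runs in `kube-system` under the name `sealed-secrets-controller` (the upstream defaults; both are assumptions here), that `kubectl` and `kubeseal` are on PATH when the cluster-touching functions are called, and it uses a sample secret (`db-creds` in namespace `prod`, with constructed values) only to illustrate. `secret_manifest` builds the plaintext Secret in-process so that it only ever exists on a pipe, never as a file that could be committed by mistake.

```shell
#!/usr/bin/env sh
# Added example: seal a Kubernetes Secret for GitOps with kubeseal.
# Assumed (hypothetical) deployment: controller "sealed-secrets-controller" in kube-system.
set -eu

# Build a plain Kubernetes Secret manifest from KEY=VALUE arguments, base64-encoding
# each value exactly as `kubectl create secret generic --dry-run=client -o yaml` would.
# Usage: secret_manifest NAME NAMESPACE KEY=VALUE...
secret_manifest() {
  name=$1; ns=$2; shift 2
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: Opaque\ndata:\n' "$name" "$ns"
  for kv in "$@"; do
    k=${kv%%=*}; v=${kv#*=}
    printf '  %s: %s\n' "$k" "$(printf '%s' "$v" | base64 | tr -d '\n')"
  done
}

# Fetch the controller's public certificate once and keep it next to the manifests:
# sealing then needs no cluster access at all (CI or a developer laptop works offline).
# Usage: fetch_cert OUTFILE
fetch_cert() {
  kubeseal --controller-namespace kube-system --controller-name sealed-secrets-controller \
    --fetch-cert > "$1"
}

# Seal a Secret into a SealedSecret manifest on stdout. The default scope "strict"
# binds the ciphertext to namespace and name, so renaming or moving the SealedSecret
# in Git makes it undecryptable; use namespace-wide or cluster-wide only when needed.
# Usage: seal_secret CERT SCOPE NAME NAMESPACE KEY=VALUE...
seal_secret() {
  cert=$1; scope=$2; shift 2
  secret_manifest "$@" | kubeseal --cert "$cert" --scope "$scope" --format yaml
}

# Back up the controller's sealing key(s). Whoever can read this Secret can decrypt
# every SealedSecret in Git, so store the backup with the same care as a root key.
# Usage: backup_keys OUTFILE
backup_keys() {
  kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key \
    -o yaml > "$1"
}

# End-to-end run (only when invoked as `./seal.sh run`, so sourcing the file is side-effect free):
# the sealed manifest is what gets committed; Argo CD applies it and the controller
# creates the Secret "db-creds" in namespace "prod".
main() {
  fetch_cert pub-cert.pem
  seal_secret pub-cert.pem strict db-creds prod username=app password=hunter2 \
    > sealed-db-creds.yaml
  backup_keys sealed-secrets-key-backup.yaml
}
if [ "${1:-}" = run ]; then main; fi
```

Keep `pub-cert.pem` in the repository and re-fetch it after the controller rotates its key pair; sealing with a stale certificate still works until the old key is removed, but new secrets should use the current key.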
💡 Check With Vendor
Verify these considerations match your specific requirements:
- Managing secrets for non-Kubernetes applications: a SealedSecret only ever becomes a Kubernetes Secret, so there is no API or agent for workloads outside the cluster.
- Secrets that need to be shared across multiple clusters: each cluster has its own key pair, so a secret must be re-sealed per cluster, or the same private key must be pre-installed in every cluster, which removes the per-cluster isolation that is the tool's main benefit.
🏆 Alternatives
Simpler to set up and manage than Vault for Kubernetes-only use cases: there is no separate service to run or authenticate to, only a controller and a public certificate. Unlike the usual SOPS setup, where one KMS or age key decrypts secrets for every environment, Sealed Secrets keys are cluster-specific, so a compromised key exposes only that cluster's secrets. The flip side is that the private key is an ordinary Secret in the controller's namespace (kube-system by default): anyone with read access to that Secret, or to an etcd backup containing it, can decrypt everything committed to Git, so restrict RBAC on it, back it up securely, and treat a suspected leak as a full re-seal event.
💰 Pricing
Free tier: the tool is open source (Apache 2.0) and completely free; there is no paid tier.