A Kubernetes controller and tool for one-way encrypted Secrets
APACHE-2.0 License
Bot releases are visible (Hide)
Published by mkmik almost 5 years ago
Please read the RELEASE_NOTES which contain among other things important information for who is upgrading from previous releases.
Install client-side tool into /usr/local/bin/
:
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.5/kubeseal-linux-amd64 -O kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal
brew install kubeseal
Install SealedSecret CRD, server-side controller into kube-system namespace.
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.5/controller.yaml
NOTE: If you can't (or don't want) to use the kube-system
namespace, please consider this approach
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please read this
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Please read the RELEASE_NOTES which contain among other things important information for who is upgrading from previous releases.
Install client-side tool into /usr/local/bin/
:
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.4/kubeseal-linux-amd64 -O kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal
brew install kubeseal
Install SealedSecret CRD, server-side controller into kube-system namespace.
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.4/controller.yaml
NOTE: If you can't (or don't want) to use the kube-system
namespace, please consider this approach
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please read this
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by mkmik almost 5 years ago
Please read the RELEASE_NOTES which contain among other things important information for who is upgrading from previous releases.
Install client-side tool into /usr/local/bin/
:
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.3/kubeseal-linux-amd64 -O kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal
brew install kubeseal
Install SealedSecret CRD, server-side controller into kube-system namespace.
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.3/controller.yaml
NOTE: If you can't (or don't want) to use the kube-system
namespace, please consider this approach
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please read this
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by mkmik about 5 years ago
Please read the RELEASE_NOTES which contain among other things important information for who is upgrading from previous releases.
Install client-side tool into /usr/local/bin/
:
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.2/kubeseal-linux-amd64 -O kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal
brew install kubeseal
Install SealedSecret CRD, server-side controller into kube-system namespace.
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.2/controller.yaml
NOTE: If you can't (or don't want) to use the kube-system
namespace, please consider this approach
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please read this
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by mkmik about 5 years ago
Please read the RELEASE_NOTES which contain among other things important information for who is upgrading from previous releases.
Install client-side tool into /usr/local/bin/
:
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.1/kubeseal-linux-amd64 -O kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal
brew install kubeseal
Install SealedSecret CRD, server-side controller into kube-system namespace.
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.1/controller.yaml
NOTE: If you can't (or don't want) to use the kube-system
namespace, please consider this approach
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please read this
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by mkmik about 5 years ago
Please read the RELEASE_NOTES which contain among other things important information for who is upgrading from previous releases.
Install client-side tool into /usr/local/bin/
:
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.0/kubeseal-linux-amd64 -O kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal
brew install kubeseal
Install SealedSecret CRD, server-side controller into kube-system namespace.
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.0/controller.yaml
NOTE: If you can't (or don't want) to use the kube-system
namespace, please consider this approach
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please read this
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by mkmik about 5 years ago
This is a release candidate, see RELEASE-NOTES.md for a preview.
Fixes #265
Published by mkmik about 5 years ago
This is a release candidate, see RELEASE-NOTES.md for a preview.
Published by mkmik about 5 years ago
This is a release candidate, see RELEASE-NOTES.md for a preview.
Published by mkmik about 5 years ago
This release contains a fix for a possible secret leak that can happen when sealing existing secrets that have been retrieved from a cluster (e.g. with kubectl get
) where they have been created with kubectl apply
(as opposed to kubectl create
).
This potential problem has been introduced v0.8.0 when kubeseal learned how to preserve annotations and labels.
Please check your existing sealed secret sources for any annotation kubectl.kubernetes.io/last-applied-configuration
, because that annotation would contain your original secrets in clear.
This release strips this annotation (and a similar annotation created by the kubcfg
tool)
Fixes in this release:
The full Changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/6?closed=1
Install client-side tool into /usr/local/bin/
:
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.3/kubeseal-linux-amd64 -O kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal
brew install kubeseal
Install SealedSecret CRD, server-side controller into kube-system namespace.
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.3/controller.yaml
NOTE: If you can't (or don't want) to use the kube-system
namespace, please consider this approach
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please read this
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by mkmik about 5 years ago
Fixes in this release:
--cert
(#208,#166)The full Changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/5?closed=1
# Install client-side tool into /usr/local/bin/
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.2/kubeseal-$(go env GOOS)-$(go env GOARCH) -O kubeseal
$ sudo install -m 755 kubeseal /usr/local/bin/kubeseal
# Install SealedSecret CRD, server-side controller into kube-system namespace (by default)
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.2/controller.yaml
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please refer to the README.md for further instructions.
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by mkmik about 5 years ago
Fixes in this release:
client.authentication.k8s.io/v1beta1
config by upgrading to client-go v12.0.0 (#183)The full Changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/4?closed=1
# Install client-side tool into /usr/local/bin/
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.1/kubeseal-$(go env GOOS)-$(go env GOARCH) -O kubeseal
$ sudo install -m 755 kubeseal /usr/local/bin/kubeseal
# Install SealedSecret CRD, server-side controller into kube-system namespace (by default)
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.1/controller.yaml
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please refer to the README.md for further instructions.
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by mkmik about 5 years ago
The main improvements in this release are:
The full Changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/3?closed=1
Many thanks for all the folks who contributed to this release!
# Install client-side tool into /usr/local/bin/
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.0/kubeseal-$(go env GOOS)-$(go env GOARCH) -O kubeseal
$ sudo install -m 755 kubeseal /usr/local/bin/kubeseal
# Install SealedSecret CRD, server-side controller into kube-system namespace (by default)
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.0/controller.yaml
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please refer to the README.md for further instructions.
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by mkmik about 5 years ago
Published by mkmik over 5 years ago
Sorry for the delay, we've been through a fun ride lately but we're back on track.
Thanks to all the people who have contributed and offered their help!
v0.8.0 is a long overdue release but I don't want to rush it.
I would like to ask the community to help us validate this release and I guess cutting a release candidate
will lower the barrier for the testers.
The main improvements in this release are:
The full changelog is maintained in https://github.com/bitnami-labs/sealed-secrets/milestone/3?closed=1
# Install client-side tool into /usr/local/bin/
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.0-rc.1/kubeseal-$(go env GOOS)-$(go env GOARCH) -O kubeseal
$ sudo install -m 755 kubeseal /usr/local/bin/kubeseal
# Install SealedSecret CRD, server-side controller into kube-system namespace (by default)
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.8.0-rc.1/controller.yaml
NOTE: if you want to install it on a GKE cluster for which your user account doesn't have admin rights, please refer to the README.md for further instructions.
NOTE: since the helm chart is currently maintained elsewhere (see https://github.com/helm/charts/tree/master/stable/sealed-secrets) the update of the helm chart might not happen in sync with releases here.
Published by anguslees over 6 years ago
Big change for this release is the switch to per-key encrypted values.
("Keys" as in "object key/value", not as in "encryption key". English is hard.)
kubeseal
tool does not yet have an option to output just a single value, but you can safely mix+match the individual values from kubeseal
output with an existing SealedSecret. Improving kubeseal
support for this feature is still an open action item.kubeseal
tool now produce per-key encrypted output - if you need to produce the older format, just use an older kubeseal
. Please raise a github issue if you have a use-case that requires supporting "all-in-one" SealedSecrets going forward.Published by anguslees over 6 years ago
sealedsecrets.bitnami.com/cluster-wide: "true"
annotationPublished by anguslees about 7 years ago
Note: this version moves TPR/CRD definition into a separate file. To install, you need controller.yaml
and either sealedsecret-tpr.yaml
or sealedsecret-crd.yaml
kubeseal --fetch-cert
to dump server cert to stdout, for later offline use with kubeseal --cert
kubeseal
(v0.5.1 fixes a travis/github release issue with v0.5.0)
Published by anguslees about 7 years ago
kubeseal
: Include oidc and gcp auth provider pluginskubeseal
: Add support for YAML output