kubeseal-auto is an interactive wrapper for kubeseal binary used to encrypt secrets for sealed-secrets.
The recommended way to install this script is pipx:
pipx install kubeseal-autoBy default, the script will check the version of sealed-secret controller and download the corresponding kubeseal binary to ~/bin directory.
To run the script in fully interactive mode:
kubeseal-autoAdditionally, a "detached" mode is supported:
# Download sealed-secrets certificate for local signing
kubeseal-auto --fetch
# Generate SealedSecret with local certificate
kubeseal-auto --cert <kubectl-context>-kubeseal-cert.crtImportant
In the detached mode kubeseal-auto will not download the kubeseal binary and will look for it in the system $PATH.
To select kubeconfig context:
kubeseal-auto --selectTo append or change key values in the existing secret:
kubeseal-auto --edit secret-name.yamlTo reencrypt all secrets in a directory (not working in a detached mode):
kubeseal-auto --re-encrypt /path/to/directoryTo back up the encryption and decryption keys (not working in a detached mode):
kubeseal-auto --backupPull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.