Sealed Secrets is a Kubernetes controller (from Bitnami) that encrypts Kubernetes secrets before they're stored in Git or etcd. You use the kubeseal CLI to encrypt a secret with the cluster's public RSA key; only that cluster (with the private key) can decrypt it. This allows developers to safely commit encrypted secrets to version control without exposing plain-text credentials. The workflow: create a Kubernetes secret YAML, encrypt it with kubeseal, commit the encrypted version to Git, and when the secret is applied to the cluster, the Sealed Secrets controller automatically decrypts it. It's transparent to applications—they read the decrypted secret as a normal K8s secret.
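The workflow described above as shell functions, with a guard that refuses to commit a manifest that is still a plain Secret. This is an added example, not code from the Sealed Secrets project; the function names, secret name, namespace, key and output path are hypothetical placeholders, and it assumes kubectl, kubeseal and git are on PATH with a reachable cluster running the controller.

```shell
#!/bin/sh
# Added example: create -> seal -> check -> commit. All names are placeholders.

# Build the Secret manifest client-side and pipe it straight into kubeseal, so
# the plain-text manifest is never written to disk. Prints SealedSecret YAML.
# Note: --from-literal puts the value in this process's argv; use
# --from-file=KEY=PATH instead where that matters.
# usage: seal_secret NAME NAMESPACE KEY=VALUE
seal_secret() {
    kubectl create secret generic "$1" --namespace "$2" \
        --from-literal="$3" --dry-run=client -o yaml |
        kubeseal --format yaml
}

# Return 0 only if FILE contains no plain Secret manifest. Looks at the
# top-level "kind:" of each YAML document; "kind: SealedSecret" passes.
# usage: safe_to_commit FILE
safe_to_commit() {
    ! grep -Eq '^kind:[[:space:]]*"?Secret"?[[:space:]]*$' "$1"
}

# Seal into OUTFILE, verify it is not a plain Secret, then commit it.
# usage: seal_and_commit NAME NAMESPACE KEY=VALUE OUTFILE
seal_and_commit() {
    seal_secret "$1" "$2" "$3" > "$4" || return 1
    if ! safe_to_commit "$4"; then
        echo "refusing to commit plain Secret: $4" >&2
        return 1
    fi
    git add "$4" && git commit -m "Add sealed secret $1"
}

# Example call (placeholders):
#   seal_and_commit db-creds prod password=changeme sealed-db-creds.yaml
```

After the commit is deployed with `kubectl apply -f` on the sealed file, the controller decrypts it into a normal Secret in the cluster.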