Inferensys

Glossary

Sealed Secrets

A Kubernetes controller that enables one-way encrypted secrets to be stored safely in Git; only the controller running in the target cluster can decrypt them into standard Kubernetes Secret objects.
Data engineer managing feature store on laptop, feature definitions visible, casual data engineering session.
GITOPS ENCRYPTION CONTROLLER

What is Sealed Secrets?

A mechanism for storing encrypted Kubernetes Secrets in Git repositories, where only a designated controller in the target cluster can decrypt them.

Sealed Secrets is a Kubernetes controller and client-side tool that enables one-way encrypted Secret management for GitOps workflows. The kubeseal utility encrypts a standard Kubernetes Secret object into a SealedSecret custom resource using the controller's public key, making it safe to store in public or private Git repositories. Only the Sealed Secrets controller running in the target cluster possesses the corresponding private key to decrypt it back into a standard Secret.

This architecture solves the fundamental problem of storing sensitive configuration in declarative Git repositories by ensuring the original plaintext never leaves the cluster. The controller performs automatic key rotation and can be configured for strict namespace-scoped decryption, preventing a SealedSecret from one namespace from being decrypted in another. This provides a cryptographically secure bridge between the immutability of Git and the security requirements of production infrastructure.

CRYPTOGRAPHIC GITOPS

Key Features of Sealed Secrets

Sealed Secrets provides a one-way encryption mechanism that bridges the gap between storing configuration in Git and maintaining strict secrecy. The controller is the sole entity capable of decrypting the sealed data into standard Kubernetes Secret objects within the target cluster.

01

One-Way Asymmetric Encryption

The core mechanism relies on public-key cryptography. The kubeseal client fetches the public key from the controller and encrypts the Secret data locally. Only the controller running in the cluster possesses the corresponding private key to decrypt it. This ensures that the SealedSecret custom resource, which is a purely encrypted blob, can be safely committed to public or private Git repositories without exposing sensitive values.

02

SealedSecret Custom Resource

Instead of storing a standard Kubernetes Secret, users define a SealedSecret CRD. The controller watches for these resources and performs a one-way transformation:

  • Input: A SealedSecret containing encrypted data fields.
  • Output: A standard Secret object with decrypted values.
  • Cleanup: The original SealedSecret can be garbage-collected or retained as the declarative source of truth. This decoupling allows Git to be the source of truth for encrypted secrets while the live cluster holds the plaintext only in memory.
03

Cluster-Scoped Decryption

Decryption is strictly cluster-bound. The private key is generated and stored as a standard Kubernetes Secret within the controller's namespace on first install. A SealedSecret encrypted for one cluster cannot be decrypted by a controller in a different cluster unless the private key is explicitly shared. This prevents lateral movement of secrets across environments and enforces a strict identity-binding between the encrypted artifact and its target runtime.

04

Key Renewal and Rotation

The controller supports automatic key rotation to maintain cryptographic hygiene. It maintains a list of active and deactivated private keys. When a new key is generated, it becomes the primary encryption target for kubeseal. Old keys are retained solely for decrypting existing SealedSecret resources. This allows for a seamless re-encryption process:

  • Existing secrets continue to decrypt using the old key.
  • New secrets are encrypted with the latest key.
  • A manual re-seal operation can update old secrets to the new key without downtime.
05

Namespace and Name Binding

To prevent secret replay attacks, the encryption process can be scoped to a specific namespace and secret name. By default, kubeseal binds the encrypted data to the exact namespace/name combination specified during sealing. If a malicious actor copies the SealedSecret manifest to a different namespace or renames it, the controller will refuse to decrypt it. This strict binding can be relaxed with the --scope flag for broader use cases, but strict mode is the secure default.

06

Air-Gap and Disconnected Operation

Sealed Secrets is inherently suited for disconnected environments. The entire encryption operation is performed client-side by kubeseal using a public key that can be fetched once and cached. No network connectivity is required during the sealing process. The controller operates entirely within the cluster, requiring no external dependencies or calls to a cloud Key Management Service. This makes it a critical component of a sovereign AI infrastructure stack where external API calls are prohibited.

SEALED SECRETS

Frequently Asked Questions

Clear answers to the most common questions about encrypting and managing Kubernetes secrets in GitOps workflows and disconnected environments.

A SealedSecret is a custom Kubernetes resource that contains an encrypted version of a standard Secret, allowing it to be safely stored in public Git repositories. The encryption is performed using asymmetric cryptography: a controller running in the target cluster generates a public/private key pair. The public key is used client-side by kubeseal to encrypt the Secret data into a SealedSecret manifest. Only the controller, which holds the corresponding private key, can decrypt this manifest back into a standard Secret object within the cluster. This one-way encryption ensures that even if the Git repository is compromised, the raw secret values remain cryptographically opaque to the attacker.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.