Sealed Secrets is a Kubernetes controller and client-side tool that enables one-way encrypted Secret management for GitOps workflows. The kubeseal utility encrypts a standard Kubernetes Secret object into a SealedSecret custom resource using the controller's public key, making it safe to store in public or private Git repositories. Only the Sealed Secrets controller running in the target cluster possesses the corresponding private key to decrypt it back into a standard Secret.
Glossary
Sealed Secrets

What is Sealed Secrets?
A mechanism for storing encrypted Kubernetes Secrets in Git repositories, where only a designated controller in the target cluster can decrypt them.
This architecture solves the fundamental problem of storing sensitive configuration in declarative Git repositories by ensuring the original plaintext never leaves the cluster. The controller performs automatic key rotation and can be configured for strict namespace-scoped decryption, preventing a SealedSecret from one namespace from being decrypted in another. This provides a cryptographically secure bridge between the immutability of Git and the security requirements of production infrastructure.
Key Features of Sealed Secrets
Sealed Secrets provides a one-way encryption mechanism that bridges the gap between storing configuration in Git and maintaining strict secrecy. The controller is the sole entity capable of decrypting the sealed data into standard Kubernetes Secret objects within the target cluster.
One-Way Asymmetric Encryption
The core mechanism relies on public-key cryptography. The kubeseal client fetches the public key from the controller and encrypts the Secret data locally. Only the controller running in the cluster possesses the corresponding private key to decrypt it. This ensures that the SealedSecret custom resource, which is a purely encrypted blob, can be safely committed to public or private Git repositories without exposing sensitive values.
SealedSecret Custom Resource
Instead of storing a standard Kubernetes Secret, users define a SealedSecret CRD. The controller watches for these resources and performs a one-way transformation:
- Input: A
SealedSecretcontaining encrypteddatafields. - Output: A standard
Secretobject with decrypted values. - Cleanup: The original
SealedSecretcan be garbage-collected or retained as the declarative source of truth. This decoupling allows Git to be the source of truth for encrypted secrets while the live cluster holds the plaintext only in memory.
Cluster-Scoped Decryption
Decryption is strictly cluster-bound. The private key is generated and stored as a standard Kubernetes Secret within the controller's namespace on first install. A SealedSecret encrypted for one cluster cannot be decrypted by a controller in a different cluster unless the private key is explicitly shared. This prevents lateral movement of secrets across environments and enforces a strict identity-binding between the encrypted artifact and its target runtime.
Key Renewal and Rotation
The controller supports automatic key rotation to maintain cryptographic hygiene. It maintains a list of active and deactivated private keys. When a new key is generated, it becomes the primary encryption target for kubeseal. Old keys are retained solely for decrypting existing SealedSecret resources. This allows for a seamless re-encryption process:
- Existing secrets continue to decrypt using the old key.
- New secrets are encrypted with the latest key.
- A manual re-seal operation can update old secrets to the new key without downtime.
Namespace and Name Binding
To prevent secret replay attacks, the encryption process can be scoped to a specific namespace and secret name. By default, kubeseal binds the encrypted data to the exact namespace/name combination specified during sealing. If a malicious actor copies the SealedSecret manifest to a different namespace or renames it, the controller will refuse to decrypt it. This strict binding can be relaxed with the --scope flag for broader use cases, but strict mode is the secure default.
Air-Gap and Disconnected Operation
Sealed Secrets is inherently suited for disconnected environments. The entire encryption operation is performed client-side by kubeseal using a public key that can be fetched once and cached. No network connectivity is required during the sealing process. The controller operates entirely within the cluster, requiring no external dependencies or calls to a cloud Key Management Service. This makes it a critical component of a sovereign AI infrastructure stack where external API calls are prohibited.
Frequently Asked Questions
Clear answers to the most common questions about encrypting and managing Kubernetes secrets in GitOps workflows and disconnected environments.
A SealedSecret is a custom Kubernetes resource that contains an encrypted version of a standard Secret, allowing it to be safely stored in public Git repositories. The encryption is performed using asymmetric cryptography: a controller running in the target cluster generates a public/private key pair. The public key is used client-side by kubeseal to encrypt the Secret data into a SealedSecret manifest. Only the controller, which holds the corresponding private key, can decrypt this manifest back into a standard Secret object within the cluster. This one-way encryption ensures that even if the Git repository is compromised, the raw secret values remain cryptographically opaque to the attacker.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Explore the core concepts and complementary tools that form the foundation of secure secret management in disconnected Kubernetes environments.
Kubernetes Secrets
The native Kubernetes object for storing sensitive data such as passwords, OAuth tokens, and SSH keys. By default, Secrets are stored unencrypted in the etcd key-value store, making them a critical security boundary. They can be mounted as data volumes or exposed as environment variables to pods.
- Base64 encoding is not encryption
- Requires explicit RBAC permissions for access
- Limited to 1MB in size per Secret
- Can be consumed as files, env vars, or image pull secrets
RBAC for Secrets
Role-Based Access Control is the primary authorization mechanism for protecting Kubernetes Secrets. By defining fine-grained Roles and RoleBindings, cluster administrators can restrict which users and service accounts can read, create, or modify specific Secrets within a namespace.
- Use least privilege principle: only grant
geton specific named Secrets - Audit access with
kubectl auth can-i get secrets - Combine with Pod Security Admission to prevent privileged container escapes
- Service accounts should never mount Secrets they don't explicitly need

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us