Hello KodeKloud Community
I have a question about managing secrets in ArgoCD.
Can we decrypt a sealed secret with any Bitnami sealed controller?
I'm asking because I want to add my sealed secrets to GitLab, to be encrypted and applied using the Bitnami sealed controller crt deployed in the kube-system namespace.
But I'm afraid that if I update the Bitnami controller or redeploy it, it won't be able to decrypt those sealed secrets that were encrypted with another instance of the Bitnami crt, because the crt will also change.
Thanks for helping me understand that.
I have the same question and it feels like a chicken-and-egg scenario. I want to encrypt the secret and provide it to the application that needs it without breaking the automated workflow. So far it looks like this:
- Deploy sealed-secrets via ArgoCD app
- Start using imperative commands with kubeseal to seal my secret
- Upload the sealed secret that my app will use to git
- Continue deploying my app with argoCD
Steps 2 and 3 break the automation for me, and I have tried encrypting the secret with a different controller, but then, as you had thought, Khalil, the newly deployed controller will have a different key and so will not be able to decrypt the sealed secret.
Any tips on how to get around this?