Sealed Secrets Explained: Secure Kubernetes Secrets the Right Way

Description

Sealed Secrets is one of the original Kubernetes-native approaches to storing encrypted secrets in Git. In this video, we break down how Sealed Secrets works, walk through a full end-to-end demo, and explain when it’s a good fit — and when it’s not. You’ll learn: - Why Kubernetes Secrets aren’t safe for Git - How the Sealed Secrets controller + kubeseal CLI work together - The GitOps workflow step-by-step - Key limitations (cluster-bound keys, rotation, multi-cluster concerns) - When you should consider alternative patterns If you're running GitOps with Flux or Argo and want to keep secrets out of plaintext repos, this video will give you the mental model you need. Timestamps: 0:00 Kubernetes Secrets Problem in GitOps 0:52 Sealed Secrets Architecture Explained 2:03 Sealed Secrets Demo (Helm + kubeseal) 4:26 Sealed Secrets Limitations 5:01 Alternatives: Operators, CSI Drivers, External Managers Docs & resources: Sealed Secrets GitHub: https://github.com/bitnami-labs/sealed-secrets Kubernetes Secret docs: https://kubernetes.io/docs/concepts/configuration/secret/ For more Kubernetes security patterns, check out Infisical's Docs: https://infisical.com/docs Follow Infisical: Website: https://infisical.com LinkedIn: https://www.linkedin.com/company/infisical GitHub: https://github.com/Infisical Twitter / X: https://x.com/infisical Slack: https://infisical.com/slack