What Is a Sealed Secret?
A sealed secret is a secret encrypted with a public key so the ciphertext can be committed to version control without exposing the value. A controller running in the cluster holds the private key and decrypts it into a normal secret at apply time. This lets secrets live in a GitOps repo alongside other manifests.
Why it matters
Sealed secrets make it safe to manage secrets through Git-based CI/CD without plaintext in the repo. Only the target cluster can unseal them, so a leaked repo does not leak the values.
Related guides
What Is an External Secret?An external secret is a resource that syncs a value from an outside secret store into a cluster secret, keepi…
What Is a Secret Rotation Policy?A secret rotation policy defines how often credentials are replaced and how the change propagates, limiting h…
What Is a CSI Secret Driver?A CSI secret driver mounts secrets from an external store directly into a pod as files via the container stor…