Sealed Secrets Help

🕵️‍♀️ Generate Sealed Secrets:

To generate your sealed secret from your secret:

  1. Install kubeseal using the instructions
  2. Log into the cluster where Sealed Secrets is deployed and take note of the namespace (deaults to labs-ci-cd)
  3. Process your existing secret eg this nexus secret using the kubeseal command line. Important to set the correct namespace otherwise the secret will not unseal
    cat << EOF > /tmp/nexus-password.yaml
    apiVersion: v1
    kind: Secret
      name: nexus-password
     credential.sync.jenkins.openshift.io: "true"
    type: "kubernetes.io/basic-auth"
      password: "admin123"
      username:  "admin"
    kubeseal < /tmp/nexus-password.yaml > /tmp/sealed-nexus-password.yaml \
      -n labs-ci-cd \
      --controller-namespace labs-ci-cd \
      --controller-name sealed-secrets \
      -o yaml
  4. You can now apply that secret straight to the cluster for validation but you should add it in using ArgoCD by committing it to Git :)
    cat /tmp/sealed-nexus-password.yaml | oc apply -n labs-ci-cd -f-
  5. Set your UJ Jenkins secrets as follows using the output of the secret generation step ```yaml jenkins_values: &jenkins_values source_secrets: {} sealed_secrets:
    • name: git-auth password: AgAD+uOI5aCI9YKU2NYt2p7as….. username: AgCmeFkNTa0tOvXdI+lEjdJmV5u7FVUcn86SFxiUAF6y….. ```

📝 Bring your own certs

See the docs written by @jtudelag on Sealed Secrets site!