Download Instructions: https://kubernetes.io/docs/tasks/tools/install-kubectl/
Download Instructions: https://github.com/helm/helm/releases
Download Instructions: https://github.com/bitnami-labs/sealed-secrets/releases
./scripts/flux-init.sh https://github.com/username/reponame.git
kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml >master.key
Using the master.key file from the above backup step, replace the newly created secrets (from a freshly installed SealedSecrets deployment) and restart the controller
$ kubectl apply -f master.key
$ kubectl delete pod -n kube-system -l name=sealed-secrets-controller
kubeseal --fetch-cert \
--controller-name=sealed-secrets \
--controller-namespace=kube-system \
> pub-cert.pem
$ kubectl create secret generic test-secret -n mynamespace \
--from-literal=username='my-app' --from-literal=password='39528$vdg7Jb' \
--dry-run -oyaml | \
kubeseal --cert pub-cert.pem --format yaml \
> mysealedsecret.yaml
In this example i use jq to add annotation to the initial manifest
https://github.com/bitnami-labs/sealed-secrets#scopes
$ kubectl create secret generic test-secret -n default \
--from-literal=username='my-app' --from-literal=password='39528$vdg7Jb' \
--dry-run -ojson | \
jq '.metadata += {"annotations":{"sealedsecrets.bitnami.com/cluster-wide":"true"}}' | \
kubeseal --cert pub-cert.pem --format yaml \
> mysealedsecret.yaml
kubectl get secrets/fluxcd-git-deploy -n fluxcd -o jsonpath='{.data.identity}' | base64 -d | ssh-keygen -f /dev/stdin -y