Originally published at:

SealedSecret is a Kubernetes controller and tool for one-way encrypted Secrets. Encrypt your Secret into a SealedSecret, which is safe to store – even to a public repository. The SealedSecret can be decrypted only by the controller running in the target cluster. No one else (not even the original author) is able to obtain the original Secret from the SealedSecret.