Sealed Secrets
Encrypt Kubernetes secrets into a format safe to store in Git
Secrets ManagementFree (open source)Open Source
How we work:This listing is aggregated from Sealed Secrets's official documentation, public pricing pages, community discussions (Reddit, HN, forums), and real user feedback. We do not do hands-on testing. We aggregate and organize what's already out there. Last verified April 2026.
What is Sealed Secrets?
Sealed Secrets is a Kubernetes controller from Bitnami that lets you store encrypted secrets directly in Git. You use the kubeseal CLI to encrypt a regular Kubernetes Secret into a SealedSecret custom resource, which only the controller running in your cluster can decrypt. This makes secret material safe to commit, review, and diff in version control without a separate secrets manager.
Best for: Small-to-medium Kubernetes teams doing pure GitOps without a separate secrets backend
Pros
- ✓ No external secrets backend needed; just Git plus cluster
- ✓ Perfect fit for pure GitOps workflows
- ✓ Simple mental model: encrypt once, commit, done
- ✓ Backed by Bitnami (VMware) with stable release cadence
Cons
- ✗ Key rotation requires re-sealing every secret
- ✗ Lose the cluster key, lose every sealed secret
- ✗ No per-key RBAC; anyone who can create a SealedSecret can decrypt it once applied
- ✗ No rotation or lifecycle features like a real secrets manager
Key Features
→Asymmetric encryption (RSA-4096 keys)
→kubeseal CLI for encrypting secrets
→SealedSecret CRD for declarative workflows
→Private key stored only in the cluster controller
→Automatic key rotation with configurable policies
→Works with GitOps (Argo CD, Flux)
→Namespace-scoped and cluster-wide sealing modes
→Re-encryption on cluster restore
→Helm chart deployment
→Public key export for offline sealing
What People Are Saying
Real discussions and resources from the community.
Quick Info
| Pricing | Free (open source) |
| Model | Open Source |
| Founded | 2017 |
| Cloud | No |
| Self-Hosted | Yes |
| Open Source | Yes |
| Rating | 4.3/5 |
Last updated: Apr 23, 2026