Added small shell tool for fetching certs of SealedSecrets for backup purpose (#7)

Co-authored-by: Marcel Straub <m@straubs.eu> Reviewed-on: #7
2025-09-07 15:49:23 +02:00
parent 456692fae3
commit 0bf1a4b536
2 changed files with 12 additions and 0 deletions
--- a/02-k8s/.gitignore
+++ b/02-k8s/.gitignore
@@ -0,0 +1,3 @@
+# Kube Seal backup
+kubeseal.cert
+kubeseal.key
--- a/02-k8s/fetch_kubeseal_certs.sh
+++ b/02-k8s/fetch_kubeseal_certs.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+rm kubeseal.cert kubeseal.key 2> /dev/null
+
+# public cert
+(umask 0077 && kubeseal --controller-namespace=sealed-secrets --fetch-cert > kubeseal.cert)
+
+# full cert backup
+(umask 0077 && kubectl get secret -n sealed-secrets -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > kubeseal.key)