diff --git a/02-k8s/.gitignore b/02-k8s/.gitignore
new file mode 100644
index 0000000..9c57dcb
--- /dev/null
+++ b/02-k8s/.gitignore
@@ -0,0 +1,3 @@
+# Kube Seal backup
+kubeseal.cert
+kubeseal.key
\ No newline at end of file
diff --git a/02-k8s/fetch_kubeseal_certs.sh b/02-k8s/fetch_kubeseal_certs.sh
new file mode 100755
index 0000000..2424f16
--- /dev/null
+++ b/02-k8s/fetch_kubeseal_certs.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+rm kubeseal.cert kubeseal.key 2> /dev/null
+
+# public cert
+(umask 0077 && kubeseal --controller-namespace=sealed-secrets --fetch-cert > kubeseal.cert)
+
+# full cert backup
+(umask 0077 && kubectl get secret -n sealed-secrets -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > kubeseal.key)