Create sealed secrets for Kubernetes using kubeseal
Creates encrypted sealed secrets for Kubernetes using kubeseal when you need to store sensitive data in Git repositories. It automatically handles port-forwarding to the sealed-secrets-controller and generates the sealed secret YAML for you.
/plugin marketplace add aaronwald/dlawskillz
/plugin install dlaw@dlawskillz
This skill inherits all available tools. When active, it can use any tool Claude has access to.
Create encrypted sealed secrets for storing sensitive data in Git repositories.
kubeseal CLI installed
The sealed-secrets-controller may not be directly reachable due to network policies. Use port-forwarding as a workaround:
# Start port-forward in background
kubectl port-forward -n flux-system svc/sealed-secrets-controller 8080:8080 &
PF_PID=$!
sleep 3
# Fetch the certificate
CERT=$(curl -s http://localhost:8080/v1/cert.pem)
# Create and seal the secret using the certificate
cat <<EOF | kubeseal --cert <(echo "$CERT") --format yaml > sealed-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: my-namespace
type: Opaque
stringData:
  key1: "value1"
  key2: "value2"
EOF
# Clean up port-forward
kill $PF_PID 2>/dev/null || true
Create a standard Kubernetes Secret manifest with your sensitive data:
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: target-namespace
type: Opaque
stringData:
  api-key: "your-api-key"
  password: "your-password"
For Docker registry secrets:
apiVersion: v1
kind: Secret
metadata:
  name: registry-secret
  namespace: target-namespace
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: <base64-encoded-docker-config>
Using port-forward (recommended for our environment):
kubectl port-forward -n flux-system svc/sealed-secrets-controller 8080:8080 &
PF_PID=$!
sleep 3
CERT=$(curl -s http://localhost:8080/v1/cert.pem)
cat secret.yaml | kubeseal --cert <(echo "$CERT") --format yaml > sealed-secret.yaml
kill $PF_PID 2>/dev/null || true
The sealed secret can be safely committed to Git:
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: my-secret
  namespace: target-namespace
spec:
  encryptedData:
    api-key: AgB...encrypted...
    password: AgC...encrypted...
  template:
    metadata:
      name: my-secret
      namespace: target-namespace
    type: Opaque
stringData:
  api-key: "${API_KEY}"
  private-key: |
    ${PRIVATE_KEY_CONTENT}
# Get existing secret from another namespace
kubectl get secret ghcr-secret -n source-namespace -o jsonpath='{.data.\.dockerconfigjson}'
type: kubernetes.io/tls
data:
  tls.crt: <base64-cert>
  tls.key: <base64-key>
Delete the existing secret first:
kubectl delete secret my-secret -n target-namespace
Ensure the encrypted data has no line breaks or extra whitespace. The sealed secret YAML should have the encrypted values on single lines.
Use the port-forward workaround described above.
kubectl get sealedsecrets -n namespace
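Only the sealed file is meant to reach Git, and its encrypted values must stay on single lines; the guard below checks both before a commit. It is an added example, not part of the original skill, and it assumes kubeseal's block-style YAML output as shown above; `check_manifest` is a hypothetical helper name and the sample manifest is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original skill): refuse to commit manifests that
# still contain a plaintext Secret or a line-wrapped encrypted value.
# check_manifest FILE  ->  exit status 0 if safe to commit, 1 otherwise.
check_manifest() {
  awk '
    function end_doc() {
      if (kind == "Secret") {
        printf "document %d: plaintext Secret, seal it before committing\n", doc
        bad = 1
      }
      kind = ""; enc = -1
    }
    BEGIN { doc = 1; enc = -1; bad = 0 }
    /^---/               { end_doc(); doc++; next }   # next YAML document
    /^ *#/ || /^ *$/     { next }                     # comments and blank lines
    /^kind:/             { kind = $2; gsub(/[^A-Za-z]/, "", kind); next }
    {
      match($0, /^ */); indent = RLENGTH
      if (enc >= 0 && indent <= enc) enc = -1         # left the encryptedData block
      # Inside encryptedData every line must be "key: <base64>" on one line.
      if (enc >= 0 && $0 !~ "^ +[A-Za-z0-9._-]+: +[A-Za-z0-9+/=]+ *$") {
        printf "line %d: encrypted value is wrapped or contains whitespace\n", NR
        bad = 1
      }
      if ($0 ~ /^ +encryptedData: *$/) enc = indent
    }
    END { end_doc(); exit bad }
  ' "${1:--}"
}

# Constructed sample input: a SealedSecret followed by a plaintext Secret.
check_manifest - <<'EOF' || echo "commit blocked"
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: my-secret
  namespace: target-namespace
spec:
  encryptedData:
    api-key: AgBconstructedCiphertext0123==
---
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
stringData:
  api-key: "your-api-key"
EOF
```

Run it from a pre-commit hook over each staged YAML file; the intermediate secret.yaml used in the port-forward steps is exactly the kind of file it rejects.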