First let's add a new repo to Helm:
We can now see the version:
Install the sealed secrets controller (and create a cert):
Now we have to edit the sealed-secrets controller and change the renew policy (basically turn it off: https://youtu.be/u0qtgUMLua0?t=1209): and add the renew flag: save and close the editor.
Install kubeseal locally. Kubeseal is used to encode the secrets from a local machine. Simply follow this: https://github.com/bitnami-labs/sealed-secrets#homebrew
Let's say we have a secret manifest file called secret.yaml. Keep in mund that all the values inside have to be base64 encoded!
Now that we have the bare secret file and the kubeseal cli, let's create the sealed version of that secret. The values will be encoded using the certificates that exists in our cluster
only.
You can now safely include the sealed-secret.yaml file to your repo.