The article discusses implementing a hybrid approach to secrets management in Kubernetes using SOPS + Age for bootstrapping and Sealed Secrets for in-cluster management. It provides practical guidance on setting up SOPS with Age encryption for sensitive files outside Kubernetes, while leveraging Sealed Secrets' native Kubernetes integration for operational simplicity. The solution addresses the limitations of using either system alone, offering a balanced approach to GitOps security.
Background
Secrets management is a critical aspect of Kubernetes operations, especially in GitOps workflows where sensitive information needs to be stored in version control. While Sealed Secrets is a popular solution for in-cluster secrets, it doesn't cover external configuration needs.
- Source: Lobsters
- Published: May 31, 2026 at 10:45 PM
- Score: 6.0 / 10