More than 1 year has passed since last update.

【IBM Application Gateway】ROKS上でsealedsecret を使ってSecretを暗号化してみる

Last updated at 2022-06-13Posted at 2022-06-13

はじめに

これまでの記事では、SecretはIBM Application Gateway Deployment Asset に含まれているシェルスクリプトを使って、事前登録しておく前提でした。

今回は、以下の記事を参考に、ROKS上でsealedsecret を使ってSecretを暗号化してみました。
SealedSecretを用いてSecretを暗号化する

1.Kubesealのインストール

Windows/powershell環境で実施しているため、リンク先からモジュール（kubeseal-0.18.0-windows-amd64.tar.gz）をダウンロードしました。
https://github.com/bitnami-labs/sealed-secrets/releases

任意のディレクトリに解凍/Path設定を行い、「kubeseal --help」が実行できることを確認します。

2.sealed-secretsコントローラー設定

最新のv0.18.0を使って設定します。

oc apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/controller.yaml

sealed-secrets-controllerのPODがRunnningになっていることを確認します。

PS C:\temp-openshift\iag> oc get pods -n kube-system
NAME                                             READY   STATUS    RESTARTS   AGE
～～～
sealed-secrets-controller-b8b7484d5-zr9kv        1/1     Running   0          60s
～～～

3.公開鍵の取得

Secretを暗号化するための公開鍵を取得します。
リダイレクトでファイル出力すると、暗号化したSecretを作成する際に、error: data does not contain any valid RSA or ECDSA certificatesというエラーが表示されたためです。

参考：「SealedSecrets」を使ってKubernetesのSecretをGitで管理する

kubeseal --fetch-cert -w .\base\files\cert.pem

4.Secretの準備/暗号化

暗号化するSecretを用意します。

S_OIDC_CLIENT_SECRET
- Security Verifyで発行したClient_Secret
iag.certkey.pem
- IBM Application Gatewayが利用するSSL証明書
  あとは、バックエンドアプリにあわせて証明書など追加します。

secret.yaml

apiVersion: v1
kind: Secret
data:
  S_OIDC_CLIENT_SECRET: em~~~==
  iag.certkey.pem: L~~0K
  au-syd-mybluemix-net-chain.pem: LS~~0K
  au-syd-mybluemix-net.pem: LS~~==
metadata:
  name: iag
type: Opaque

Secretを暗号化します。パスは適宜変更ください。

kubeseal --format=yaml --cert=.\base\files\cert.pem -f .\base\files\secret.yaml -w .\base\sealed-secret.yaml

なお、Powershellでは"<"は予約語となっていて、利用できませんでした。
このため、-fオプションを使ってインプットファイルを指定しました。

> kubeseal --format=yaml --cert=.\base\files\cert.pem < .\base\files\secret.yaml > .\base\sealed-secret.yaml
発生場所 行:1 文字:53
演算子 '<' は、今後の使用のために予約されています。
発生場所 行:1 文字:53
+ kubeseal --format=yaml --cert=.\base\files\cert.pem < .\base\files\se ...
+                                                     ~
演算子 '<' は、今後の使用のために予約されています。
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : RedirectionNotSupported

生成されたファイルを確認します。
kindがSecret→SealedSecretになっています。

sealed-secret.yaml

apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: iag
  namespace: iag-kustomize
spec:
  encryptedData:
    S_OIDC_CLIENT_SECRET: AgBu2fnG06+TInW1D7cv/WCYRyM8DZBr5cEZhCcUVw7FfKs/dOokgAWVbzUZ1tfDQtygxzhzWPrLQpi3+tzV2OAVbFIP+dp5wcfuJI+EKMzz3LDT89dXNpEUuOBDswqyjRZ7ir4HFlJztIIbUmUCEfqNBHB++Wvmu1iemh4X0IKcPswl3eb0HK947odChz1m4TLOtZy0T7kYtkAxgwm03UcpN4XSlnuewVQ53nlpG7I4T6VHFkely/DqCUQlPfvtTCHmO83IWbYE768QL+9Bn74jvdPGQTdYGRQ0UoIXMUt0++PEybgs8cH8Ip4katLSEERIJUKZoIreIdpflHnvOtOx+DjogJdEImVA0jxm/1BF677ZSovm2UtUV5c4qDqnADTrRMrUVN+kY4ud3JANOBsV50tC4cEeasQB+mZ+0L6zg1CfBXQYFB9+5K1Nf52bBikYVaEA0rwLhvwqE5ptbx/J5TpYctxB+Yel14D5pyp3rkmriXwwmddjX4gSrDpia0mAInjUJiupd5HLmgLL8EB/wjPXMN/L3MGaor9J0lLnEYE+PtB5oDh6LawAokUH3x28K9bDcMex5hyJS8QqmKHJ07yubvEISk1gTTTEi9ywm3nST5KJHZZ7ukaGDGAMn51HGGj5sn99kVTSgmhoDtVKfoaG8xzpnxuUSOlSQ3D0Zy17KTeWw0WDAYCwJcXV563CQIzuQ9n0K/EF
    au-syd-mybluemix-net-chain.pem: AgAZGxO8fIXIFdBJeK+wYscT9et2beDciPTpQjcBPRlngn7E2Kl+7zgOPFzh4oTDorD176xQ/B2s5+A/lQD1kr7Jc/8yd44xsXjF1+Y1jcC6p2KwMhw8QVngWnESlfB78dfJ3xEhIhSrb8JfXPzgubP1t/ocgBdT4doAeZl2PjOdSz1JzPSSzHW7Fhgdfd4rZioOK6lpU41nSRFQxka8KheG60q5GgyzkFEI0V5b0sXDp4qXexzRBBl4IcXithsRiYxiuY/ytYLuwV4ivhiPJ4cPTxwdnTJs68GGInaBtqArcZOEutZt5liGdoeVaCZju43e6oCHyuzmmSosr/fvnjrEDPInX2eD9P8cjty873bPdDMXOkVRMGqEXvZrEc21FTTo6Wv3mRLoqGrj3p5ZhD8TsP0Vm9qSyfa/4EBQxkCppUzyJFHRAgqIIX4zf2CEMwsGiX6s2attAWgDsly05nuMh9aeQXSIy6tJfV9/RZtP33JzuLp/e7fmVK2ZZQ8EjlX13IclrsZjLzRf6Hr/PKd7g/i/X6irLcGizAL8GE8qNbcZu0hbpLZZZrzWrv1K3gVuvoWSXQzpQ0GCmd5mhn21bro+r83nlPMO71zZDT5am+0sGTSdZsVgmqHgOdmRrOoJomTbx1oIfGMfPTyu8f6iAmrPGZ/IwI3IF7P8ayJzjpDZi5Ay8UYpLi445s5BSlgSoCR9f83+ioBqAiP6GkQO+RereAnt1kvG+Cj0GR0yUaPh9yPhd7acFoP9Oz6ghmOC2bE3VofGgBd8kNprJi/NFF6Q6LFgVyWJo3GUjGYLc1uRXHYZQdPEa3zkueFf2x68q3dSN7bXqMq3acNxwzM+8AIlDEektQhZOI8Ci7JJ1VCqi+T1MLBR5b+nvxdRJilwG83LxFQ69KUwk5JUfJSfTlziUITgWWMb7ic4Wo1VU1t90SsOEkfFWrvaSnAYc+/4358Dha2JMLMG0X7YZSr14WjaJp4P8GG5tjSgKoEF/l61hLqyCD4NVdGKzhoKAFdnk3TOo1LSZUm/4Xuc1MUSYSEgRsQuvQabfEIEHCBgx+XGoxP3l8gKeUuL8Dg2hJDe/yNMB0hzuv27ZGN9M7cPP1pUKlqwNNsvS2VC/JXcoPe3h35fc1MdsTg+531BZWrekrk5yTV+km1RQv7uF42l7cw/mYOvtJXAgfTRmyxIrjEytLH+NPXTCK1gdxIUnqSphxu+VoniyIQZns421KYxYBE+bTIB3nSOPnBkI1Jwi+/+yO9N0A3zY7nvIXz4oh7qNXCncBJrQvRey27vd3IQrIQSlF6W+o61E/vZnecjOhWOE6kR7nuIOAYPY6Xp02eQSfPqOTJC0PyKdBASCpBG4AJn1UoucQeYnQgF8MyQ+YCWA6w9O8X4EO/9fWreqthCuRvajAz9sEyXSLqbQeax6ReCl4wG+vfiCRjGTl6XWI5AB5hwYhof9wELbBYE+da6zAahuBIIK6U2wQUpG8PXeDuvQQQEcMNnfIOzql6ede+zIgR/l8Z7bSp6KLJ4WYJqJ7O0DHfX/C8uhfCsEusIGU+whd4jgUpBqiFGU0GFsZZLJ/rEt8c8UWp5fSE1H2kistSsRsT3fCIbduQ8/2EK6AR5N4p+XRGau3SBasMNdfAmQFoZuhxCvh2Pz561D5GMobdYyyiCDlqH3Vj3F4Kex80EnrzU15TjKVhpuyZDOPePlyPoslqABSnME0zW3e3f0e29MXaP350UpOKliONwO7psXm8i8n7bV3YHmb9qsQ8KVslflxqFzFzu4LB8bL2qfxInIfkNll6A170Jem0zCC5MFyc77uqDwmtzTe+Cxu81XUde4A2QvOeCywdJgFhGNON0cB1SyQCUc79Bp21n0O6aGVZw8cKSQX5HhI5EReq+qqYyK4pEFDAHNAbtmpOIVfG24hahgYU/X8ljYIgvM3Dk0g0esdrihVt/aKFERX4oLo9Yhny4RybQj4SLkpDiPhWM/7CJbF05a94ZtlbgnOGpPN6Ya4QFZnQJGiC/03cqaXL3pkJ4eLOOHAzJa15Uyx+m+/n3REP3uzJa5BpMySrr2+t4hDPfhVkoZ12i3wCMENqrQvwWyf8SuT6dVTwVz+ddL84FNClrnMjanvsKhw5Oscf0DpqFXxEW0smuBnjoXjagjansTxmOQWYp6dEj0/ijMw6gajm7IIE+MsKjkmCmlpJMaoNO8u5zUnFd9vGY/KzK1bHA5IjFdyu0+U/fjNCw2J3H+1s7EGkoFZ8hveI2XJ3SKnNZQeojspypJyy0HhVDEp3czSfMl/G6qwgKweIyKy9eAE73STY2iJrMJSQMBVjJpA2svMH/XtCS0DlDoarj3E5Pa79qT1VQY7fs8JN6opIQMJ4dvkjb18ZG+EaInmc7EmL7XX0JvEacNbwWwKzwnyI3iBxTH4bQ720ZGAwj0h1IvSaLoHsve+ACrS9m0bM8c3ggJ0dF9xxawv+bGivv+V+JLWdm7CJUxuOqnf5qD1vJq3bunJNEpB4En4OHtXj8zufROAhX/Op1ckOw+IYotBwkjTjVqZjw7ZhpfuRe6rDNJhpV7SPxBZ+ws0Hg3wTSuRKLrXb9IyEOcLAwPzxV7PzQAv6//WzMTkq5ItUlOqbTlLpFULcABB5qvJO7ofbPLxupWG4Iw/n1y/zbQFFy4J+TQ2U4u4PGK/ZB2FQBjFnA7eGgfjVcX/pVUEKt/Qy+AwzsRyC2wN0SOlFbxx8YwHQnXpDjBJCK/5+cUOkcJ2tNDQBAPUxm9Kef55ktEn0zeMeBtxKVp9LD1bjLpxrU3Z+JGx/UGvjWEmrqS5SfXQ2guL3bBqi8+cEBiobMNucRvqkaJWIR3oT+sQSrLQ3DRBsfm1J+wAk+yeWUAka7Vc05kC2TMWhOLI3/YWm3mzxw51jRshLEbmi7RVARvjwPv7vWoQSFvcsOn3ajiiZUaigf2YbaYZ6iDtJxeJIzmc7Fu4/3Ov8HSply8aqfUAIYEghOQ7R0FZK+vVxY+4VCn0sIUTLW4wX4NVJfiV+JjvHihBieM/DCKcrRIaCicoXVPqsxsYcb6jlTSgm9G5qyK0j2VnKCY5aXI8mH+UgjPM0rF29JgR07zsJcPzelXCEpTROISdjTAuUgd7UsjlPvjlZIoxuph1KAQJQVZvSsfN/z++m2Xyu5PgNWQ+Z7upS9QPKyWKSTQd5njCGRNS3g21wt2L9cWm+Jep0XAUQ/rv8/0QUGgXQvJK01Ce3KOhJW6gm8UGJpZFaRE4UIblvg1M8akkMvEXtK4cGttEsC4FN2zivI7Yg55WNoVf4DwYMOGr5iyBcMvBntmC/rFK6YLFOIJ/C7GN97jO9KJ9m3kKdnGoJOpl+zY1flIPuGzGYmsPTK1223IlriLoulgkkfgcJwrBWT9uLjk8n5DqcpuYgioLndUc2oKTAHLZIxQ8J0AchvYz9R8oOr1rYswuANs5HRTdAvl82OLGuS5+jE7l1/xZYXlmYqFXGMHL1/Wr8G116Z2kSE871BMvOzgXW9BVhFUHuGuCYA0xq2JOKjWY6/MLTpiSWjpGCjn3L9WWNOVRnRwtf57cmUUj2DLV02Rnv5I4sMDFHbEsTHH+TIZSHH3YkfqzzGKL41zkLgOMZOi+ksik7hP7A0xsv7eue3B1IaGDQRZ02FF9XmSTn7Hqs7PBHgTJj0RG3eZyWomkarPRhbg5bidRhHYPz2aiz5Jcs4i2va0TaRwo8hvWzj9IdvTHHGwam5JmYBRVt0aJeMfFJXgaV6RONY6Xi+A3aa7xy7VWJIAYNOVETB9c1Konp/j9QuQmNcAPynnwZCrq8e5GpxST45U4BGde/4Hs4OOGFaQ7Q5rM5Cy5l2nbrtguEr312kXsqlv0GdwmowdDrrM2S25IsBq8BeT4l8+6wBrDtgxD6rBMHcjkrY1kYLV7J1JEG7WpYiLISmCPnJv2/TtuZW8DnrRCxMvfp1wn2yL7bYUIR3vOV4EmslNwP3LLN/IN28zhuFsh/qRvkDaV80/R+IbF0/fzREroS1OD3H5SvBl7F0WDgzo6a6SrSBJpPBJZeU1yhkgCvVe4VbsQZ7o799uOrESjQ/41HazTNeNqVU+aoRJUNuXeFSofOnYh1zHqjXNSfrbG3KsoWpo0tOOHurO2fQnquZHTkRV6LbhVOIf9ejoyYsoeCoT+D6BvO7ENA1RK0AXG6NWySupPR8vNaynG4sGSo540RvWV11Bu3KqQebhEHjR/gz9Aa4aCvZDoltGUC+YD77NyYxrRtyBv5ox7Wg1HE33Hq6NTHlQcQikqh0UtVmb18soAnyO71TH7ZgJOWH2Kyr7L6Scf8PkUp7p9vzL3MOEaZpERyoUNGq5irL5vIQjBfYb7FLNuq+n21qT6hsyOfqCCG78kIxzPuWRgROljGlBsFXi8Qy5G4E9Y2ZM4MIo8bkN7iL69++MJEeIY3ZQXkNygnb4dbHtuHshBaH0GqDphcUDxELhCJ7l3mpkSGd0drIlanSruwzk4a3JQ5D+gv1B0ah+hwD0vLP9KamLUIGFhsPoKSMr5U0GLwImcPzJqEMXAu/dUTZXAitqBvQpLgX9JgTy1HICooNcS3uvIcg4GomLTyprd51CZXukwPwnHSx9tCfqmQ6oA8bTQccRKVtO0OWK9Ub9gFr9iDuyVv2QChmotn0DM3vPpCWzIT8sZmS1qoOvo/N3ozf0Bhi+vg5c0x2ci7wapSGgxJqqUoos86BGs2w09hSZ/LuAgbNrmde+aOmUoO4mH01IrZcujrh2ZGP09Zwulk59wXBZvLCa6QY0h8NgDzCdUSQPdDA442iMnir+QtjB3dFnqzqJj4d702Euaw23HAG2cifOcLCXwQzo1W3HVybcnliJZqF55B5too8D9pV1k0O0KyDr3g8/P0ZhUkRPJKQozNltL7o00MWFIpz6fsRF8Tet4rfxo5TAHSUX5e9xOyI00guIPBoVkpl+PzJhx/oGvBGqvjezFP4ToK7vz/iv7CVHQVNeRpYN7qh/dSA6Y1ryRJeT2V+e9PD2Wmr+acMOvP9mpDdUx1UeaGDs9zaZh+RhJO4GQtq8IaRWkzMcx0tebNn8MXjnX/6GvId1V5BPfIjvugIweIGlLQDBjT1BOCxbhxYbcvph+v0m91mzc3lDjnDEa5e81kfHRcQB2DW5GvvAMeEPCrKP73IoH1cYROvXThoDj6yv847E9aFTlMfRgPu53tTdUkVKUtwWQ6btp1GFpB4tOZ2tbXztxQsIbQs0YV5tJZrLyotUNgv9ESw9/K5N/vI9UbwPMc+NfPEIxE3mfQD8cQ+KFY7ZD1CaUR/qXinOzhtCvqGR1QRNbxpOMasMWQqrsR4CPX+jlETtX399aXshS6edJbmUNrkmYEfQTh9cfRWF/S75W9vMzVTHRmdKfggsWHBAEUWW1HAAvlHnJbmUAkbz3B7lKfmF7pG7xCH2ySt6LRXT9SU7BiCkdqZWBAU1WCEjKs/OfpYRhoo0lMovzfsc6amgQ2Ubdqi7W3d/mi/DIcTDRELe5k5bN7t8b0AA49cmWSd/9vxnvJJQlomg08ckb3jg56V+qlTmRkH2ic4gtAvoe8pdYvB8L3/0i79gfs2doZ6W0fo/8wBz2v5cZFYDUynswlSIvp61o+5JvEBhinZOsnZPb7zzlatUvJJyJkJnTsSdxMtMdu2IVgxbRr3alYX/R7YDZNhdpCGREdDYX7byJRMkvG2hfxCFazzkh9XhbPaAvN+lGBM4TNXG2bibSc0G3AMEkZ3+Pb+zQFi9tlfwEKdcRa4deuVNT5IlZp/2RfMfRzFRS1u8wiagoCANsdbD/iNTmOLMv2/VTmYRwLVwafxnKtXjqTkvpl/nhEDro2K+YW5QDO4itb0IyxEYSTrhLcajl1wulq7/XiRwlmeXYUvZ8PqsGOFKsuxgttbuChoJz3wN/17HiQBuNi3FM7UqqrRK8dHX52vJW0a4cGNl/p+K132o1WP6VM5QmkPCEp7asqDUTEtDkdd2kBU6Q306YCG1bNPgVXfUhTl1U72WSVNz311wH4UwKif1VmEPP9OnYbjyFCCNTXKFk//yptfMTW3dapkjIMlIYbZS9mkL/7pUw5E9KJ5j4h/avyMaxaOGbcd0yzs1P31nFrrBz6uO0pDOkkUNBrKQrV+fTqcNNWyEAlN7K4yi+nRgRjo5cUMGnEL6hHpoDvvy00F+vlQGUDUvxbjluE3caUjrNiS38FsBoRDSir6mw7JZQJSNhtMX3K19ur7K8HjSnz9LAq15Te4Fi8KgHbrukkzKFjOX9I/6DGydC6PEk9hiux2grkc4HfTL3/jI0JhiL98fkY6+Trs7aJhhn81ASwupFrDvFHSholYQSKQ1RDOvaGAERNeLOqPg289nZpCn5hKFHLxM+iP6oxtmzUGBkD/osY3zBAKWdfy3PApK5NuKq1xbMsjgLx9t+mRClJZEUxsImQHD10SVbKFB2aW4Dz3K7EOQ/fVr91YjcOuUNn/IokxU+18zksOI7DZXHh3qEipgMmnTSQVnpvI0B75gsP6dlmbIN0dwbdKaKvjMCqWFm0JcnGAfEGg5BN1uZOWOq/zhjtNR5h9CgNXmHhRIr+AHQbHWRD6y2k+DPa592zXABzuLqv7T2c3w6s0zidEEN2V5JM+x8KqFTgtBbme/rtL5T9qhqtqRZGdDconNz5zVmvTO+vnVJihFicffR+uXNDhH6c5Sr2Y+B+1s4zK0dxr/cuW5q0p5FxTioZdg0dPHLS9e2YZJ/sA3aN5n00ZKPfV9WFFJkJqirn93KCFh6Y4H9yACTiaS1SyHeQNJ9Qfu8+xfhGV1duhoiSf1f10njRE6G+wX5AsXHvzK1VK7LOMRdh0UFycW/MqKWOEI16ZxeAK7oaergl35wDxV91gXELupvch1HilfYe2smNrOp1Jy0fNtSweJ4o5jFnw+9/tE+00+7/KLDWhc99eHMOxRO/meigm1pwHAnnoc7Bh1Y5Tu/IGMUln70ESsIECg4IuHvQD4K1ueO90erwAlUe0Av+lLUSFSEasnOLDeNeWgW80hN+Plozlya0XjFRhUd9bkNrp5gj6c0mSgQnIbOvS8U9MzaRTE7+87HGLIcpI4j+E91t/pD1Yo8TNGN6wIZ8S/CIAubzlVWuunLGu/KcdmqFYhD+t/Ivx8zvd49b7YMWjE3UGD3+2VCtnzFUmK5Nl+TwsuhNqz76TTHFxYBxuKOZ1RRaK8LZlg3USofQAfZycjw36mG8+eRjJmmBdbf3h42JWLu7EI5TKXbA0Vk1lFciInkJTvB9F9c0S9Ky7iffvzHJBEowYhA0WcMD//wgyCnkcHvD3zM5yMer6iLzHEXmj4Fziikv7Kk87oxlugvp0s7AniVjq+p9QEaqBVsZWhz0K0FzH6Sq9FSb82TMisuhPWyFH7ug4NsWLley0bvhIUBcRJx4ltGp4UfJxpDNU7NfyVqhVtlYTRtk1ENfQu5lQ/t2zGlFZGk+9d2Cu4Yj7YuopnVSZKTWen2kA8mKtGfVx6QrQy4MlW+lf4F9ZZvkGhhNV4a07R2N/nIfwYKxB6l1LSFbkb/38XPoqLAuqcNapFJ6jrgfkufgrNQPlB8HYP8xDNaK/OAoQWUJA7eH85a/Cp6OIY3XZV2eWorYfqnMxwZaX6oUjojiqxPnSozMW4fngzNFDB1ACX7a22QWssxo07GxrCPppcvixI0z1fwpvKxZh/2DBLnDWWD4S/iQXupfGTqw7VfFRe+y1wV6TSd94tPf86e4/mDQ/5r3z96gCackDvDsjCHTVJ065xfi+GarV3maX+V0gA3SkZPBucq3wlhdEi481Q1KwVdKX4wfF3uDqM8LcoYPANxSs1ykXgsV9q9H2ACmAQXt3LSuWKlIPFP9tmMyRFLqt6DJnoNuSL66S3Dm07MDbeH9EWAB2rM3Vuw9CHHLDK2xZYFNBS88LPzxHKRqUTmwqTmjQc0c/lxC+ro5i/S+II7Bgp3663D3Olk4yiNaCle7sgSrz0w66u78SnbunHu9tqhKf3vsotRhY+26xTZ0kmO1ngDLncYBpkmWAW0qZ5oRn+uBVFdDvdH9Mx476fqpzczGDjjGKsw6wmdspRFM5Xe5NSFQd9fyciERgJooiis30WBZC7flVnzl/GcuWZUl3y8+zRsn5biM=
    au-syd-mybluemix-net.pem: AgCT+qnutzC756eIHJCgvmLwfr7cTIgyC3OpA3K+CbfiP2y88ZAE4NKldh+y0f9OQsGHdd23AYDd9cuYQDGSvSFQF5x1E57mTkmWKMeXXknCpAyONK2a3LVy0PXe2agYORRoezfGQgpO+EtqGWcFb6e/4FiUlHtxpeT4wyX6JDHhCmz74E0tLWjiaRyw4q9Mib4R9Zqsu6Sn2WywDdUETmIcXaSK1VZzsH2RvU9kYjX2n6VqO/aki4dlsOZkF4K9zdjH1WeXhOoSDyrT075zZDTLCu+UBvimCERTPIXKH2VRJfeTTKJPxUs2i7QvGKXZF3+/v1aGq3CUaRWMZqa/lTou+DoU0RTVDi6H8CXqjDnJw+jav5kxS18aM7Zmq3SgSz9BFqWcsgFAnopIXwu7qOxsc0LDOUZoKVlXj1OEzuxg+dg/F+poQO6wlms/SLmmD5J3TuHGkJHrt+7FCT8NgASW+L6zMPCxtYMjWH0BWTDbkC9VdtP63rz5QYJ7t1kCuflN5hJl/SDsdJtaxxUX061geGgbGytJAbBkuy9c+fhEHQBlV/TePfehkYSmjisaUlXHkzT8Bp5JuHgkxIpB3SEQnujrWM1dLuTO2i+X58WT60tyDx9lBhOSJi38qjpdj2V7PeKkUQr8h4MfAksB38ppmlG9lcSl5PC/vlErb/986OAVM64PavB2a6MbNTEIPagknsN4psV+JODdbiLKilzfTJ7CRkduRFhI+adLhMJn3wA8Ivlcr0LI6miaza31l0GY++QmVy+/VSWC+XzzPhd7CUgzkYmiCz23SmEauMuFpwjWy0+g9VD14B+weJuCucivFkPxN4C/7FGMFZIgnctWoaUDLkSwExwaoIHE7rCE2nGJoFO5HnxC/nFusxFm9sYd/sK7Sy0jN6YqWEJYCrUt+MdDIY/WCgyb4NjidInhiGwDcDtepioWUMBhwU8P+SHgGOuCjbzUCYNlT8BA4gpakoAHkOg+AfLtHv1hdAsSn6zFOC9X/9milpAdwquIL+DFBZpSLec3jg5EKSOphsNu6DhDiVh1frixJURTUT2GoCL4UQyAXQacWRdYYrE8oLKVK2o0I9Qbl9Grh5RjYap3Wqx6n5z4fFJxN6qG0V/8X0lvGqaEPW7eAw4xXSZ/vUKIW2huWzVcv2z0ZjaSHDRGQPPgawI6HM7jl/Q8vwvzzRn8e1tvFtwjcU1Gnse/Z3thpR2eyXx0h8jyyPq3Xx8PjKnGiUBa56U+cy6i670U1LeN8JK7MDggD2PHRjqlGQLYl1VnOx1eocFgGIOl6QN+ucmensG4YZPG4epuXbrKHWOKw80qwWsQnOklWpqRJudfSJ/+7c4XRLyL+4lnprFxHIRK21/Kr92Kb2KY6JQdKHI/CKV9AwlAEIHBAtSsejAEyZEIZfGJfl4hqbb3IKhKXqkhY9JHbD+K2WDITbfgWAmA7Li8PKMlPakNdB0PX4SBs14WxS7qNVUTHXtSFvWYyK6f4umBT9/4EUX7CoALyTr65hxL80fuZzFXQH0TbWNsKtdqS0kePIUn8ONPrNsk45BcNWllpD0L+nvMmOeI7hdiBIPCkOEIdj02fYViLdbAlASltWlB7wSLhPE8ZEEMoI3YZoXdhhuzKX6XzDKt6ulG1U1xu4671ETEs+4m6DdWldNoG3I1SUMLqf9BSFWm6ymiZOXchxjWcnQ+hcvNOYw2/ptHc46Zk/ymNvkN6nNc0ji9j49zUyLngDe4gfpcV9Uo+A8K4yKCMXXTO1o9Al05xpodlj+me67HT5SzukM4sZbeogXGrq+cm9aR9pt+nRb5KitOMXurXGNuQO8Hf4rlqeQapaYLy6wmuWIHRT2Ln20fbVsK8jph47uC7H6W4hH1Qm8hQY2tBDwRfbvjtnY5Ll7WPnSx4DWgARQAPASJ4RZ4U57x9M6w/Kc/ZDUl417d8w/MOIQwMlO//53aH5J/6nProeaNSroIUh2mJqR45YYCdI5JDHn9ueWdWNVrZAErtFDJvw5TaKEBkL2HNSaP4buQd/riaDJYgYTNwx3S6d2SjlArpgGJnIZq79hDyKLfUA7XKlNH5C+OGDcGW9TURSkO/HyTsC6QvoZLnvuDOOGqYIG5W/VcapEL4vkFZ3PZOtv+plpdbNhAoiHynhGEq4l7ItjJ8acv3H4winJ3Ly36Acb1tgNMFrpgRnvkbgoI8Ed5P+Xnnei+fzGmcSwk/RsgCxrAXwCx61hDomjVZRuA27AmrwLSE2j6/U3SKHEZoteBkbtissLuodGQTq2Qw20Yd5Pj+lyd2tcNy49+9oyiupkpjqnfBVZoEBagqYl8H12QiMB4m1EzgKTqkYnA6OVj60FG3mnoOaKPX2HBuOdD1vDGlc/zk6l8BRlBVuCEoz4WxdoLReBVycplbWc6rtvW+ZiEwWobxp+MapWsDN2Avkra2K/fKGyZimtouWmiuLFxZMYsgEt6JaCmQSEJU1RUEFogpnEPIlE5LaTRFCFlPkvG1dwgBuOO/5VmpBmT8TEaVfoTkF2A57cLpzu/U+HE/+7tAu+lEHJHxatZYZiCSi6A1cYQFLszkmf0J9qrm6spyE7IfbkYz9H3HyzEGbMVDeQ+SilxdwR8dlIfexA2xjEVIdaV32oOPHlnkOQnK2O7448f1TvA/cSDQImtbJiCukHcI5CVw9dWubE+QTktFZ/G+CwqXLdwKrgtFENrQCtTgU62Td92v9rF9St8gdWCWxkeKbkJeXtiIc8/491j9AvIBvFZkbq0mdfpd6bvunYBqv+9/5GpV5Oypg7CqPMC6+RR4BbPwTivlj4UF9bC9HLDh0iM/6BQ+WfJAu0j4X0L2Ib61actPwBJFXKfUicTCal/3zZ1SKImXlaWhwAnhrMfnW+97z854gGl4/kNZZgYy9yEvy/ILRxLXbpiB79rxJS+xR2tMUkNnYrihUfTXXO0ekCfLcHq5COVXW2wYNPP+ROmvt/6kpKPPx5EvljWH/ji3c4UQrru6QnsQZ98
    iag.certkey.pem: AgA4YgnS+InBvwy3O/Iqt37pKAUU0stsoFOQ40vWWoeQ7cIPhUVJh8oon5zCcAqQ5dErNIejNCclHRs4SgSKLYKmFbB2+p6EktBBB+JO4bhZeqOJqr6kgFWx2Je6Ub9C4xssGBfpl50/YgOArYK44EJUpGGgQ3WGLMA1GqMbRdj/luoD/64cgdBml69pL1CH1IlnMkmUq70cqlBrQ3wxL+15BaQMqLVA1Bs0K5pwFDs1/KPYrN10//IfHviuoCWmt8PE177Sqh4ak6VcwMPNFCDRRyGHSIAeh8ZX08gsp5sa/k4NbVsuoqNiJDeNuhb6wxtS9/jNBpQ9GUQYL4NxhCAKrd+nssFNq20HQTcYAy1V5ZOLDela52PQ/FMPDmZrWmpuFsyYL2Jmjd7nfjmIqVALioPLp1V7y6RSxytj01/YDi70pQlfsd8uNAPgo9AC4sXKAV0BdnALZa3BBwTePCXLEZSL9BC1GrIZNd5uC2MQUcRbvnL4L2vBy6MELQgKvN0qPRPnTb2/5f3uDQ79Z/uNmxv2DbmEGG28VOoMjgXB0VWuXv0B9GNAW8IzCyReW3zDiNb1oUX76CDzRx6nUhTA7CeVoii6BbgM7mfiFRCauyI1+8yDAFv0gRz2iQBlpdOEQPNcQ1zrXyLE3e4X8N16Fbt1bFWrgkAXbqVaNwtWizY7I439vAxsONu/qkmW3jHCBHhRvP7T6u/ISihzv3ZPftsVxepm1gnOnLZMLGoeHwWB8TA+S4xGILLg2McYzp30xm+Dsw2MlqUxxCBZREyNpKWRa4APsHZeToX/ZjvCD5aHsaV7BXpR0zNlT2es6fbyv5M3oHkrJI8LWHzE+GbRKqAlBRDDmHA1yeNWqC5LA7MlfunBqhr5wIxIdilYbLARb2PV3uqai1dMT9StGZiI3x2iQeGvjdYu1CG2p2bfmYtK6KOiq2SM85AafPtNnZGVeJNG5usQNhsdoN59zTAdX5+Wm7bRMTrj9gDKGWWgd3UMwPa7qUqiFyd3H/emYvGZpARK/rNoJWEyeXDt2KeX71gwmUg/gTDG2v8liCL6b1Zy3ZHMMvokrX1YXWEzXI8ng62I1NgPig89u1dXLfYvfD63JX9G+JEgmyPU8XsqwY3VcA8cqoNM/9RtQkZPqwS35lsJB6qLTop4gcNz0Ze9fBt3/WPGo1PMzQQy3bsY+N9uG06nmEHt3N25moY7Aj7Kc+9d8Isx01fgin7BD2y9s1T95UCkcVZXHrQNk26GaZCa9mP76fyGj9nG4509pFD0TtLFHlt3cSfjZ8aLyASk/q70HhYY96walmOjhagbNfhr6xVgTJIbVa9IfWqnRoDe9HS78GZBhMbIp4GeBOu+H1OcjC1iuPxJ4vOLu1LbvfAbMEMF/SQL1hI+vt8z/+y+menOvKQoQmqBp240ZZOcGGjb8/lGAyCBGWCKv6lBZ9r7HAhabRAgl+Bfjjoz/En7iWPInG4Gx2C9v2stjc/9tDZysJ+ZH6Eocefbwqd4stOCalD1jrM4H033My6fCKYmUo1xJabYl4HrAsablcYHFIGXhQ3Q1Qk/szha056yaQCzglROnkLMENXtblspGJEHYTy+a3Ee70211gvliBd5qOSWlHTj3ynL2SSNwt08MHMCo9lHAp6XLewPeU03rMwXHDVNUGNPv/nVtpEyjJ2W4ECYlJo1oJYKgG6/+eY1Ik4/WVQzp1Y9wD6aLXEghS7oSQTf7VqB5S0nvsh1XhqfMC99v2F4Mn3DF+aR9Nl7EPCm/C3P3CP/CqEioD01yf3yAtCZr1XdZW/QDjJFYkZervr2Db/WSJsu3jIQPTkmu/prx1xT3qKr9Tj1EovdiluT8RhRWZOThkbFJAHzBHLYE2rrHCGl4ETrJoOZJ5QMW4ikAvJLU4BfluCEGOKbIhC4XycXUXQGNmP9LskUAizUqYPe+48mKBOlv8vp8MSVFBPAf3XMlUMI9O2csuk/+6bw9ke4h9H1QqL0nVKTtOjQaOYGBrte3o4hZqtH2KseOSQ4eVXS8wSsMfynZ71kUvwdLDy6xaYLD0XsYnEXXb13lrDoHHcgKBS88bgfdKj/JIX6Qb72Gi4/D+mxk6e9K8ZtahaaRLTyteavY2HkzBJVsSbSKzKlcz6DSZvSMuzZ+HIGcSEMhpiLpqaxNF302AM3PF6Kk/e9fY+l5aTRvs/HB4D/YkBfA6zw5q/km5v67QlUPbbdNxpH97K4FuvcOCV4OPrFDb3fPVDr5lsxjc8W+2NDt6c1hc01WeBt5RlJBiRq1wmk2v1MuNMqJP53fQ9JwazbL3+QkAx5LkQtz4e9hfC1cigz3kFI5zvktdRebYS4pJovqRUCMc6EMUoNQsjvewQ0PISdEG5gTYM45Oib8XMfU4VIleef7zVW91iVA4oRHjBWMAnKaYJbZKBeayWjPUjX6VMcDnjsoMjPlA85Sq04ZqysxYQV84RPmOfFZKpsuxUg7AW2862dY7bKjIg5ooyXeZplcB/BPEYM8eXHB+77Ol9h325TKkv0DbhbDWRi66nlw4VmOU9I5dJtfKEHbGCx8iE9unpdPiigbYBKq6bYENyTLCMYHajjQUOiz2YAFT5u1HERwnaYmiVK49u54ctXEDmnqxweQGfjzHuF3MZotsizH/is49wmZL0xARkiPdwsTwlx5jkjKG2xynOmSm2qA2Tx2cOgNvSRs+lRp/jY9lZUsj88hilqUts/fPnN+ie7ZMNsmuAFCVaE25k0ZlveLZzXro8Nxx8HVJ0UdFG7kzNdx+4376sZo0dWY1xxaVeieIRdlE7u9EcjNH5jUfdmS6HmH1/aYpSodlVA0ozI1Q/SfKsCYqTW++rwKpKk5fXf9rK1uleMmUzX+uTsWnv0q7yvYqsF9tVjekiU5d7mK/BZRHDe+c6gEgTIJrqojjM3QQMWSvtcJJygkk9JagqYup+417J+c+NaiZejc9Ipc0mfeNv9U9LG+itfo90cjnePUK/wQXfyawhd55ykaLKQunoDJuuWc33iaHcSEoxuVJfNvSY/aVHFzCnEKhJZit/ewbDbc/+P66cWdL6q/U4rhNmsKfL6ZvfodoXRCjvvRrUQ3qMAOaNPyKZLoXnM8g3TlOyJiS63cPGR9MoHUrBlTgQlWjRBH7vx6h8oxxvW4Dh1bHKkD5aFOMb5UQHKkPpymYP31m/xZw3qb6/EmYFepFsTac2ZX8BDbfT/7HicFobiyyKe3KXcwR/FUM1qyVaUWEfAkO3jcHxvQZQEGy6q9v07GYteXNHydyIXzKdBdGoDbDucGMXEg7a98djQwTdJShWM9b9HQEy9A2cySUhgojS7D4cQe+av4C1Ihba3WsDsukvtm4tbbr1Drs0bWR/zkO/WcFYrwvmvShLs1lyW86siiWVL/kHVv77YQ8mvj0eille7lYPr1D6ZPl728KZ5YPsNoq3yKELPtQvc3hUKyHF/MEGazhRBBN2ZsHcu13pmCRKj2zirZPgNDVQbvx4Y97LRgWhETPK4iRFFbwk38p/RFg49wiRE0zcyRp10A0zQqJhfGpk8xRDDI56A3cnuGalzDW/4KVWKHzpNCWRH81iHbx0pcWc9bBFj+g9U/Ups4BPeq9lztDv7sYGXjSlWJBH9MnqH+KBeqoCOW90XKBWK9K6vgX9budPD3QTw533GIfXHMvCO6LOVJ6v+PDqLoCcOvuVOUfhAamY6MvXN1IGJcXmVFo7Ix6RdhpTra/Yo5rwZks60zO3+Pz6iuwA4Dq7w5pcfRVHcs9Q/yAD704zcfDVKX5YhWnv/8YEMxvt5oTMDTMuWYLhxyYLjqciPM8vlA0Lh6rqXtysNFtE+zf4mxluUfPbeDYIyQA0QTcTOT7kkUZr5H1aMnCugbkjBvv7sDsIgYR6AQyg+Qa4r4Jf0lPUJ0Re/4iCrXcvs31h79L70d0z9Zof4a8vHKtF+mIuJe6WScVfeuPeDT5d2I+plWK6rnJKJRQtWQQ1dkDIGUl18RFoYyzzmTlnxAl+a0rW7Rlb1BjpFBRHmOqWbVRZ43MtzQR4G21WI7CH2+2Vax/o7YZswiSY/Uz5nR+6HgnSINw+QMT5xXoo4ysxvJL3FYpoftAH7eR4PfzswOlrLn/CDk9bAfzhzZntd5d/CwToaPhCb3oxff3yow5mo13jpqRZYKaazD/pvtgUQL5GFXzozFbUhN5y3HuUmAx9S9iA3Ra8SCqZv/ncVNmUzUWWz48VQ36TTPb//RPxAR5c8AzdAbAV8bgrl3KWlnrIAAfDw/HK4/FnG02xrZ0ONJqD6144HznlXsl6kQclUqOKvl4r6xQTNdD4+RQpwyq/yWHULHjO7uxlG7e7g8dBWdoZrDN7+mQKP+IX+UVZbiILYi1TFGQT5Qc5/jcI40WGES4hkId1zPxj+DouX8T8+l6J3bTkPLvQYbQE881oDn185yTLeSyCpw9XrFFgJrwIcnjZT2czTGF2I8WrFMNgaX1jAcM/s6naZgbC3VOhPklsW5VmTOVXj0yKMUrR7uExj74gTCyd0Gk2jzz1Xb+3WoUciRLO/ceTw/ACGsNgMR+HtmK7hlz+MpJKP+okJkCkekUcx7sxsOrTANQq9yQKXPqKPuynMCQAaeZqQ80yl8uZTF8g=
  template:
    data: null
    metadata:
      creationTimestamp: null
      name: iag
      namespace: iag-kustomize
    type: Opaque

5.SealedSecret.yamlの登録

暗号化されたSealedSecret.yamlを登録します。

> oc apply -f .\base\sealed-secret.yaml
sealedsecret.bitnami.com/iag created

復号化された状態でSecretが登録されます。

> oc get secret iag
NAME   TYPE     DATA   AGE
iag    Opaque   5      15s

>oc edit secret iag

apiVersion: v1
data:
  S_OIDC_CLIENT_SECRET: em~~==
  au-syd-mybluemix-net-chain.pem: LS~~0K
  au-syd-mybluemix-net.pem: LS~~==
  iag.certkey.pem: LS~~0K
kind: Secret
metadata:
  creationTimestamp: "2022-06-10T09:31:08Z"
  name: iag
  namespace: iag-gitops
  ownerReferences:
  - apiVersion: bitnami.com/v1alpha1
    controller: true
    kind: SealedSecret
    name: iag
    uid: 5b5b798c-7b8f-47a2-a1bf-fc232c8d9a8e
  resourceVersion: "172916210"
  selfLink: /api/v1/namespaces/iag-gitops/secrets/iag
  uid: 1f49931a-9908-4477-a625-4341e8ae60b1
type: Opaque

SealedSecretとしても登録されます。

> oc get sealedsecret
NAME   AGE
iag    7s

なお、Secretを削除したところ、以下の動きとなりました。

SealedSecretを削除すると、Secretも削除される。
Secretを削除しても、SealedSecretは残ったまま

最後に

Secretを暗号化できたことで、Github上にSecretを暗号化した状態で保管できるようになりました。

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up