Sealed Secrets

Wed, Sep 14, 2022 One-minute read

Sealed Secrets

Docs: https://github.com/bitnami-labs/sealed-secrets
It consists of two parts:

  • Server part: the controller/operator, which runs in the cluster and holds the private key
  • Client part: the kubeseal CLI, which only ever needs the public certificate

To install the controller, go to the project's GitHub releases page (https://github.com/bitnami-labs/sealed-secrets/releases) and look for the release named sealed-secrets-vX.X.X; don't use the Helm chart, use the release with that name. That release ships a controller.yaml, which you apply to the target cluster:
kubectl apply -f controller.yaml

This installs the controller into the kube-system namespace. On first start it generates its own key pair; the private key stays in the cluster as a Secret in that namespace and is the only thing that can decrypt a SealedSecret, so back it up and restrict who can read Secrets in kube-system.
To install the client on your machine (use the version that appears in the release):

wget https://github.com/bitnami-labs/sealed-secrets/releases/download/<release-tag>/kubeseal-<version>-linux-amd64.tar.gz
tar -xvzf kubeseal-<version>-linux-amd64.tar.gz kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal

Usage

kubeseal normally talks to the Kube API to fetch the controller's public certificate. Instead of giving every developer cluster access, someone who does have it fetches the certificate once and hands the PEM file around; it contains only the public key, so it is safe to share and lets kubeseal work fully offline:
kubeseal --fetch-cert > sealed-secrets.pub.pem
Check which kubectl context you are using before running this if you have several clusters: each controller has its own key pair, and a secret sealed with the wrong cluster's certificate cannot be decrypted there. If the controller is not in kube-system, add --controller-namespace <namespace>.

Once installed we can use kubeseal. First create a plain Secret manifest with a client-side dry run (nothing is sent to the cluster). Important! Set the name and the namespace in which the secret will be used: with the default (strict) scope the ciphertext is bound to both, and the controller refuses to unseal it under a different name or namespace.
echo "very secret" |kubectl create secret generic my-secret -n <namespace> --dry-run=client --type=Opaque --from-file=token=/dev/stdin -o yaml > my-secret.yaml
Note that echo appends a newline, which becomes part of the stored value; use printf '%s' "very secret" instead when the value is a token or password.
Once the plain Secret manifest exists we pass it through kubeseal, pointing it at the certificate instead of the cluster:
kubeseal --format=yaml --cert=sealed-secrets.pub.pem < my-secret.yaml > my-secret-sealed.yaml
my-secret-sealed.yaml is the file you commit and apply to the cluster; the controller decrypts it and creates the real Secret. my-secret.yaml still holds the plaintext, so delete it (or never write it to disk in the first place) rather than risk committing it.
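The whole procedure above (dry-run Secret, offline sealing with the fetched certificate, and a sanity check before committing) as one script. This is an added example, not code from the page or from the sealed-secrets project; the script name seal-secret.sh, the SEALED_SECRETS_CERT variable and the helper function names are assumptions. It goes slightly beyond the page: the plaintext manifest is piped straight into kubeseal and never written to disk, the value is read with printf so no trailing newline is stored, and the output is checked for a stray top-level data: block (the sign that the unsealed Secret, not the SealedSecret, is about to be committed).

```shell
#!/bin/sh
# seal-secret.sh (hypothetical name, added example): wraps the page's workflow
#   1. build a Secret manifest client-side with kubectl --dry-run=client
#   2. seal it with the controller's public cert (no cluster access needed)
#   3. sanity-check the output before it is committed
# Usage: printf '%s' 'very secret' | ./seal-secret.sh my-secret team-a token
set -eu

# Path of the cert fetched with `kubeseal --fetch-cert`; the env var name is an assumption.
CERT="${SEALED_SECRETS_CERT:-sealed-secrets.pub.pem}"

require_tools() {
  for t in kubectl kubeseal; do
    command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t" >&2; return 1; }
  done
}

# True when a base64 Secret value decodes to something ending in a newline,
# the usual symptom of building the value with `echo` instead of `printf '%s'`.
b64_has_trailing_newline() {
  nl='
'
  # Append a sentinel so $(...) cannot strip the very newline we are checking for.
  decoded=$(printf '%s' "$1" | base64 -d; printf 'x')
  case "$decoded" in
    *"$nl"x) return 0 ;;
    *)       return 1 ;;
  esac
}

# Same command as on the page; the value arrives on stdin. Nothing touches the API server.
make_secret() {
  kubectl create secret generic "$1" -n "$2" --dry-run=client \
    --type=Opaque --from-file="$3"=/dev/stdin -o yaml
}

# Seal the manifest on stdin with the offline public cert, as on the page.
seal() {
  kubeseal --format=yaml --cert="$CERT"
}

# Pre-commit check. kubeseal output has kind SealedSecret and spec.encryptedData
# and never a top-level data:/stringData: block; if one is present the file is
# the unsealed Secret (or a botched merge of both) and must not be committed.
check_sealed_manifest() {
  grep -q '^kind: SealedSecret$' "$1" || return 1
  grep -q '^  encryptedData:' "$1" || return 1
  ! grep -Eq '^(data|stringData):' "$1"
}

# First namespace: in the file (metadata.namespace). With the default strict
# scope the controller only unseals the secret in this namespace, under this name.
sealed_namespace() {
  sed -n 's/^ *namespace: //p' "$1" | head -n 1
}

seal_secret() {
  require_tools
  name=$1; ns=$2; key=$3
  out="$name-sealed.yaml"
  value=$(cat)               # $(...) drops trailing newlines from the input
  # The plaintext manifest is piped straight into kubeseal: it never hits disk.
  printf '%s' "$value" | make_secret "$name" "$ns" "$key" | seal > "$out"
  if ! check_sealed_manifest "$out"; then
    echo "$out does not look like a SealedSecret, refusing to keep it" >&2
    rm -f "$out"
    return 1
  fi
  echo "wrote $out for namespace $(sealed_namespace "$out"); safe to commit"
}

if [ "$#" -eq 3 ]; then
  seal_secret "$@"
fi
```

check_sealed_manifest and sealed_namespace only need grep and sed, so they also work as a git pre-commit hook over every *-sealed.yaml in the repo, independently of kubectl and kubeseal being installed on the committing machine.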