#go#devops_workflow#encrypt_secrets#gitops#kubernetes#kubernetes_secrets
Sealed Secrets is a tool for Kubernetes that lets you safely store sensitive information—like passwords or API keys—in your code repository by encrypting them so only your Kubernetes cluster can decrypt them. You use a tool called `kubeseal` to encrypt secrets on your computer, and then store the encrypted result in your repository. When you apply this encrypted secret to your cluster, a special controller inside Kubernetes decrypts it and creates a regular secret that your apps can use. This means you can manage all your configuration in Git, even secrets, without worrying about exposing sensitive data, and only the cluster itself can access the real secret[2][5][1]. The benefit is that your secrets are protected at every step, and you can use Git workflows for everything, making your setup more secure and easier to manage.
https://github.com/bitnami-labs/sealed-secrets
https://github.com/safarijv/kubelib
If you're adopting Kubernetes as an orchestration system for #machine_learning jobs, the last thing you want is for the mere act of using Kubernetes to create more problems than it solves. Kubelib provides a set of Pythonic interfaces to #Kubernetes, originally to aid with Jenkins scripting. But it can be used without Jenkins as well, and it can do everything exposed through the kubectl #CLI or the Kubernetes #API.