@jmorenoamor
Last active March 15, 2023 11:54
Bitnami Sealed Secrets
<#
.SYNOPSIS
    PowerShell function to seal secrets
.DESCRIPTION
    Seals all the secrets in ./<env>/source-secrets and places them in ./<env>/secrets
    Remember to add this to your .gitignore file to avoid unintended leaks
    **/source-secrets/
.PARAMETER env
    Environment
.EXAMPLE
    Seal the secrets for the dev environment
    PS C:\> kseal dev
.NOTES
    Author: Jesús Moreno Amor
    Last Edit: 2023-03-15
    Version 1.0 - initial release
#>
function kseal {
    Param([string]$env)

    # Validate the input first, so a bad call fails before the confirmation prompt
    if (!$env) {
        Write-Error "Environment parameter was not specified"
        Return
    }

    if (-not (Test-Path -Path "./${env}/source-secrets")) {
        Write-Error "The clear source-secrets directory does not exist"
        Return
    }

    # Ask for confirmation before sealing (Inquire lets the user continue or halt)
    Write-Warning "⚠️ Sealing secrets for the ${env} environment ⚠️" -WarningAction Inquire

    # Make sure the output directory for the sealed secrets exists
    New-Item -ItemType Directory -Path "./${env}/secrets" -Force | Out-Null

    Get-ChildItem "./${env}/source-secrets" -Filter *.yaml | ForEach-Object {
        $secretFile = $_.BaseName + ".yaml"
        $sealedFile = $_.BaseName + "-sealed.yaml"

        Write-Output "Sealing ${secretFile} secret"
        # Arguments are quoted so that paths containing spaces are passed intact.
        # ${env:SEALED_SECRETS_CERTIFICATE} reads the environment variable, not the $env parameter.
        kubeseal --controller-namespace c-sealed-secrets --controller-name sealed-secrets --format=yaml "--cert=${env:SEALED_SECRETS_CERTIFICATE}" "--secret-file=./${env}/source-secrets/${secretFile}" "--sealed-secret-file=./${env}/secrets/${sealedFile}"
    }
}
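
A guard for the leak the description warns about, as an added example that is not part of the original gist: it checks that `./<env>/source-secrets` is ignored and untracked by git, and that every file in `./<env>/secrets` is a `SealedSecret`. The function name `Test-SealedSecretsLayout` is hypothetical, and it assumes `git` is on the PATH, the current directory is the repository root, and the source-secrets directory exists on disk.

```powershell
# Added example, not part of the gist. Test-SealedSecretsLayout is a hypothetical name.
function Test-SealedSecretsLayout {
    Param([Parameter(Mandatory)][string]$Environment)

    $problems  = @()
    $sourceDir = "$Environment/source-secrets"
    $sealedDir = "$Environment/secrets"

    # 1. The clear-text directory must match a .gitignore rule.
    #    git check-ignore exits 0 when the path is ignored and 1 when it is not.
    git check-ignore -q -- $sourceDir
    if ($LASTEXITCODE -ne 0) {
        $problems += "$sourceDir is not ignored by git"
    }

    # 2. An ignore rule does not untrack files that were committed earlier,
    #    so list anything git still tracks under the clear-text directory.
    foreach ($file in @(git ls-files -- $sourceDir)) {
        $problems += "clear-text secret is tracked by git: $file"
    }

    # 3. Every manifest in the output directory must be a SealedSecret.
    #    A plain "kind: Secret" file here would be committed in the clear.
    if (Test-Path -Path $sealedDir) {
        foreach ($file in Get-ChildItem -Path $sealedDir -Filter *.yaml) {
            $isSealed = Select-String -Path $file.FullName -Pattern '^kind:\s*SealedSecret\s*$' -Quiet
            if (-not $isSealed) {
                $problems += "not a SealedSecret manifest: $($file.FullName)"
            }
        }
    }

    return $problems
}

# Usage, from the repository root before committing:
#   Test-SealedSecretsLayout -Environment dev | ForEach-Object { Write-Warning $_ }
```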