Generating a Kubernetes Secret manifest from 1Password
When you manage your own Kubernetes cluster you will inevitably have to manage some secrets, and if you manage it using GitOps practices you should know that it's not a good idea to store your secrets in a git repository.
There are many different solutions to solve this problem, but a lot of them rely on using some kind of third-party secrets management platform, which can come with unexpected costs.
A simpler alternative is to use Bitnami's Sealed Secrets controller, which lets you encrypt the secret in the git repository, and then the controller will decrypt the secret inside the cluster.
This simplicity comes with a cost, as it becomes quite cumbersome to manage many secrets since you need to store copies of the original unencrypted secrets somewhere safe, and then you need to re-encrypt it every time you update a value.
In this article I will introduce a small CLI tool to that alleviates some of this by reading the secrets from 1Password.