# Helm install:

helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
helm repo update
helm install sealed-secrets -n kube-system --set-string fullnameOverride=sealed-secrets-controller sealed-secrets/sealed-secrets
kubectl get all -n kube-system

# Extras:

- install kubeseal utility
https://github.com/bitnami-labs/sealed-secrets#installation-from-source

    # For version x86-x64 0.20.1
    wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.20.1/kubeseal-0.20.1-linux-amd64.tar.gz
    tar -xvzf kubeseal-0.20.1-linux-amd64.tar.gz kubeseal
    sudo install -m 755 kubeseal /usr/local/bin/kubeseal

    # For version ARM64 0.20.1
    wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.20.1/kubeseal-0.20.1-linux-arm.tar.gz
    tar -xvzf kubeseal-0.20.1-linux-arm.tar.gz kubeseal
    sudo install -m 755 kubeseal /usr/local/bin/kubeseal


- create a secret from CLI and seal it
kubectl create secret generic secret-name --dry-run=client --from-literal=foo=bar -o yaml | \
kubeseal \
    --controller-name=sealed-secrets-controller \
    --controller-namespace=kube-system \
    --format yaml > mysealedsecret.yaml

- save the encryption certificate locally and use it to create sealed secrets
kubeseal --fetch-cert >mycert.pem
cat mysecret.yaml | kubeseal --cert mycert.pem --controller-name=sealed-secrets-controller --controller-namespace=kube-system --format yaml > mysealedsecret.yaml