A kubeseal companion CLI - decrypt, export, and encrypt Kubernetes SealedSecrets with automatic binary management

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for eznix86 from gravatar.com eznix86

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Bruno Bernard
  • Tags cli , kubernetes , kubeseal , sealed-secrets , secrets
  • Requires: Python >=3.12
Classifiers
Report project as malware

Project description

kseal

PyPI Python License Tests

A kubeseal companion CLI for viewing, exporting, and encrypting Kubernetes SealedSecrets.

Installation

pipx install kseal
Other installation methods

With uv:

uv tool install kseal

With pip:

pip install kseal

Requirements

  • Python 3.12+
  • Kubernetes cluster access
  • Sealed Secrets controller installed in cluster

Quick Start

# View a decrypted secret
kseal cat secrets/app.yaml

# Export all secrets to files
kseal export --all

# Encrypt a plaintext secret
kseal encrypt secret.yaml -o sealed.yaml

Commands

kseal cat

View decrypted secret contents with syntax highlighting.

kseal cat path/to/sealed-secret.yaml
kseal cat sealed.yaml --no-color

kseal export

Export decrypted secrets to files.

# Single file
kseal export sealed.yaml
kseal export sealed.yaml -o output.yaml

# All local SealedSecrets
kseal export --all

# All secrets from cluster
kseal export --all --from-cluster

Default output: .unsealed/<original-path> or .unsealed/<namespace>/<name>.yaml

kseal encrypt

Encrypt plaintext secrets using kubeseal.

# To stdout
kseal encrypt secret.yaml

# To file
kseal encrypt secret.yaml -o sealed.yaml

# Replace original
kseal encrypt secret.yaml --replace

kseal init

Create a configuration file.

kseal init
kseal init --force  # Overwrite existing

Configuration

Configuration priority: Environment variables > .kseal-config.yaml > Defaults

Option Environment Variable Default
kubeseal_path KSEAL_KUBESEAL_PATH ~/.local/share/kseal/kubeseal
version KSEAL_VERSION latest
controller_name KSEAL_CONTROLLER_NAME sealed-secrets
controller_namespace KSEAL_CONTROLLER_NAMESPACE sealed-secrets
unsealed_dir KSEAL_UNSEALED_DIR .unsealed
Example config file 
# .kseal-config.yaml
kubeseal_path: /usr/local/bin/kubeseal
version: "0.27.0"
controller_name: sealed-secrets
controller_namespace: kube-system
unsealed_dir: .secrets

Security

  • Add .unsealed/ to your .gitignore
  • Never commit plaintext secrets to version control
  • Requires cluster access to decrypt secrets

Contributing

git clone https://github.com/eznix86/kseal.git
cd kseal
uv sync

# Run tests
make test

# Run linter
make lint

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for eznix86 from gravatar.com eznix86

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Bruno Bernard
  • Tags cli , kubernetes , kubeseal , sealed-secrets , secrets
  • Requires: Python >=3.12
Classifiers

Release history Release notifications | RSS feed

2.1.1

2.1.0

2.0.2

2.0.1

2.0.0

1.0.1

1.0.0

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

kseal-0.1.0.tar.gz (45.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

kseal-0.1.0-py3-none-any.whl (14.0 kB view details)

Uploaded Python 3

File details

Details for the file kseal-0.1.0.tar.gz.

File metadata

  • Download URL: kseal-0.1.0.tar.gz
  • Upload date:
  • Size: 45.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.17 {"installer":{"name":"uv","version":"0.9.17","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for kseal-0.1.0.tar.gz
Algorithm Hash digest
SHA256 59a25b10fc00d54dcb2065faf41d1974514e3629a21262671aaeb50ff3cc4dcb
MD5 3fd25313b1580d032c89194fb6fccdf2
BLAKE2b-256 eeda21b974f449687d3d0258fbd57fbb66b329bb2864df1636e4fcd7777f84a4

See more details on using hashes here.

File details

Details for the file kseal-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: kseal-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 14.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.17 {"installer":{"name":"uv","version":"0.9.17","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for kseal-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 dee20dee757790188ca633d2e521d8123edcf8d7bd4a8349a3fe110c17ebca55
MD5 44c6392a155704269bddae4102b550a8
BLAKE2b-256 c3d0bc522c230c9b176a0b60d074b7eba930a1f0cabad70454c25dd9938645e3

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page