Investigate using another secret method

[onedr0p]

Details

Describe the solution you'd like:

I have been trying out sops and external-secrets.

Using something other than sealed-secrets for managing secrets would be nice. sealed-secrets scratches the itch for encrypting values in values.yaml, while external-secrets or sops works great for any chart that supports using an existingSecret.

Benefits for sops is that is has integration with Flux.

Here is a couple repos with examples of how sops is working with Flux:

• https://github.com/Vaskozl/home-infra
• https://github.com/gperezmz/k8s-gitops

There's a couple issues with sops I'd like see resolved:

1. Issue with yamllint: yaml file sequence items spaces after hyphen getsops/sops#514 *
2. Easier method of determining if a file is encrypted or not: Implement some kind of query/status option getsops/sops#460 and Q: How to prevent unencrypted files from being committed getsops/sops#571
3. Lack of arm64 binary: Provide arm and arm64 binaries getsops/sops#595
4. No pre-commit plugin (will consider making one when 2 is fixed)

* In the next version this can be remedied by using #yamllint disable on the top line of the decrypted secret and getsops/sops#757 until they switch to yaml.v3 in getsops/sops#791

It's unfortunate that any of these solutions is pretty hacky when using a public GitOps repo.

[onedr0p]

Flux w/ var subst and sops is awesome