GitOps Secrets Management: The Vault + External Secrets Operator Pattern (With Auto-Rotation)

The GitOps community is deeply divided on secrets management. Some teams swear by Sealed Secrets, claiming Git should be the single source of truth for everything. Others argue that secrets have no business being in version control — encrypted or not. Both camps are partially right, but they’re missing the bigger picture: modern production environments need secrets that rotate automatically, scale across multiple clusters, and never touch your Git repository.

Why the Encrypted-in-Git Approach Is Dead

Let’s be honest about Sealed Secrets. When we first adopted it, the appeal was obvious: encrypt your secrets locally, commit them to Git, and let the cluster-side controller decrypt them. Simple, right?
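To make the contrast concrete, here is an added example (not from the original article) placing the two approaches side by side. The first manifest is the Sealed Secrets shape: the ciphertext itself is committed to Git, so rotating the password means re-sealing and re-committing, and every cluster needs the matching sealing key. The second pair of manifests is the Vault + External Secrets Operator pattern named in the title: only a reference to the Vault path lives in Git, the operator's ServiceAccount authenticates to Vault, and `refreshInterval` makes the operator re-read the path so a value rotated in Vault lands in the cluster without a commit. The hostname, namespaces, Vault paths, role names and the placeholder ciphertext are all assumed values for illustration; the API groups and field names are the real Sealed Secrets and External Secrets Operator ones.

```yaml
# --- Approach 1: Sealed Secrets (encrypted value committed to Git) ---
# The encryptedData field holds ciphertext produced by kubeseal against the
# cluster's public sealing key. The ciphertext below is a placeholder, not a
# real sealed value.
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: app-db-credentials
  namespace: payments          # assumed namespace
spec:
  encryptedData:
    username: <SEALED-CIPHERTEXT-PLACEHOLDER>
    password: <SEALED-CIPHERTEXT-PLACEHOLDER>
# Rotation: re-run kubeseal with the new value, commit the new ciphertext.
# Multi-cluster: each cluster needs the same private sealing key, or the
# secret must be sealed once per cluster.
---
# --- Approach 2: Vault + External Secrets Operator (reference committed to Git) ---
# A cluster-wide store that tells the operator how to reach Vault and how to
# authenticate. No secret material appears in this manifest.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: vault-backend
spec:
  provider:
    vault:
      server: "https://vault.example.internal:8200"   # assumed Vault address
      path: "secret"                                  # KV mount name (assumed)
      version: "v2"                                   # KV v2 engine
      auth:
        kubernetes:
          mountPath: "kubernetes"                     # Vault k8s auth mount (assumed)
          role: "external-secrets"                    # Vault role bound to the SA below (assumed)
          serviceAccountRef:
            name: "external-secrets"
            namespace: "external-secrets"
---
# The per-application reference. This is the only object that goes into Git:
# it names the Vault path and the keys to project, never the values.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-db-credentials
  namespace: payments
spec:
  # The operator re-reads the Vault path on this interval, so a credential
  # rotated in Vault is re-synced into the cluster without any Git change.
  refreshInterval: 1h
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: app-db-credentials   # the plain Kubernetes Secret the operator creates
    creationPolicy: Owner      # the Secret is owned by and garbage-collected with this object
  data:
    - secretKey: username
      remoteRef:
        key: payments/db       # assumed KV v2 path under the "secret" mount
        property: username
    - secretKey: password
      remoteRef:
        key: payments/db
        property: password
```

Two things worth checking when adopting the second form. The Vault role that the operator's ServiceAccount assumes should carry a read-only policy scoped to the paths the cluster actually needs, since the operator becomes the one identity that can materialise those values. And `refreshInterval` only governs when the Kubernetes Secret is updated; workloads that read the secret once at startup still need a restart or a reload mechanism to pick up the rotated value.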

This article has been indexed from DZone Security Zone
