Validate existing Sealed Secrets (#1266)

Signed-off-by: Alfredo Garcia <[email protected]>
bitnami-labs · Jul 7, 2023 · e959447 · e959447
1 parent b590bb6
commit e959447
Showing 1 changed file with 29 additions and 1 deletion.
diff --git a/site/content/docs/latest/howto/validate-sealed-secrets.md b/site/content/docs/latest/howto/validate-sealed-secrets.md
@@ -1,3 +1,31 @@
 # How-to Validate existing Sealed Secrets
 
-TBC
+The `validate` Sealed Secrets feature is useful for ensuring the correctness of Sealed Secrets, especially when they need to be shared or used in various Kubernetes environments. By validating Sealed Secrets, you can verify that the encryption and decryption processes are functioning as expected and that the secrets are protected properly.
+
+If you want to validate an existing sealed secret, `kubeseal` has the flag `--validate` to help you.
+
+Giving a file named `sealed-secrets.yaml` containing the following sealed secret:
+
+```yaml
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: mysecret
+  namespace: mynamespace
+spec:
+  encryptedData:
+    foo: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEq.....
+```
+
+You can validate if the sealed secret was properly created or not:
+
+```console
+$ cat sealed-secrets.yaml | kubeseal --validate
+```
+
+In case of an invalid sealed secret, `kubeseal` will show:
+
+```console
+$ cat sealed-secrets.yaml | kubeseal --validate
+error: unable to decrypt sealed secret
+```