Sealed Secrets
by bytesagain3
A Kubernetes controller and tool for one-way encrypted Secrets sealed secrets, go, devops-workflow, encrypt-secrets, gitops, kubernetes.
安装
claude skill add --url github.com/openclaw/skills/tree/main/skills/bytesagain3/secret-sealer文档
Secret Sealer
Secret Sealer v2.0.0 is a utility toolkit for sealing, managing, and tracking encrypted Kubernetes secrets. It provides a thorough CLI with timestamped logging, multi-format data export, and full activity history tracking for GitOps secret management workflows.
Commands
All commands accept optional <input> arguments. When called without arguments, they display the 20 most recent entries from their respective logs. When called with input, they record a new timestamped entry.
| Command | Usage | Description |
|---|---|---|
run | secret-sealer run [input] | Run a secret sealing operation and log the result |
check | secret-sealer check [input] | Check sealed secret validity or status |
convert | secret-sealer convert [input] | Convert between secret formats (plain, sealed, base64) |
analyze | secret-sealer analyze [input] | Analyze sealed secrets for issues or patterns |
generate | secret-sealer generate [input] | Generate new sealed secret manifests |
preview | secret-sealer preview [input] | Preview sealed secret output before applying |
batch | secret-sealer batch [input] | Batch seal multiple secrets at once |
compare | secret-sealer compare [input] | Compare sealed secrets across environments |
export | secret-sealer export [input] | Log an export operation |
config | secret-sealer config [input] | Manage sealer configuration settings |
status | secret-sealer status [input] | Log or view status entries |
report | secret-sealer report [input] | Generate or log sealed secret reports |
Utility Commands
| Command | Usage | Description |
|---|---|---|
stats | secret-sealer stats | Show summary statistics across all log files |
export <fmt> | secret-sealer export json|csv|txt | Export all data in JSON, CSV, or plain text format |
search <term> | secret-sealer search <term> | Search across all log entries (case-insensitive) |
recent | secret-sealer recent | Show the 20 most recent activity entries |
status | secret-sealer status | Health check — version, data dir, entry count, disk usage |
help | secret-sealer help | Show full command reference |
version | secret-sealer version | Print version string (secret-sealer v2.0.0) |
Data Storage
All data is stored locally in ~/.local/share/secret-sealer/:
history.log— Master activity log with timestamps for every operationrun.log,check.log,convert.log, etc. — Per-command log files storingtimestamp|inputentriesexport.json,export.csv,export.txt— Generated export files
Each entry is stored in pipe-delimited format: YYYY-MM-DD HH:MM|value. The data directory is created automatically on first use.
Requirements
- Bash 4.0+ (uses
set -euo pipefail,localvariables) - Standard Unix tools:
date,wc,du,tail,grep,sed,basename,cat - No external dependencies, API keys, or network access required
- Works on Linux, macOS, and WSL
When to Use
- Sealing secrets for Kubernetes GitOps — Use
runto seal plaintext secrets into encrypted SealedSecret resources safe for Git storage - Validating sealed secrets before deployment — Use
checkto verify that sealed secrets are properly encrypted and match expected namespaces - Batch sealing across multiple environments — Use
batchto seal secrets for staging, production, and development clusters in one pass - Comparing secrets across clusters — Use
compareto detect drift between sealed secrets in different Kubernetes environments - Generating sealed secret manifests — Use
generateto create new SealedSecret YAML manifests from templates or environment variables
Examples
# Seal a secret for a Kubernetes namespace
secret-sealer run "db-password namespace=production"
# Check sealed secret validity
secret-sealer check my-sealed-secret.yaml
# Convert secret format
secret-sealer convert "base64 to sealed-secret"
# Analyze sealed secrets for expiry
secret-sealer analyze "cluster=prod check-cert-expiry"
# Generate a new sealed secret manifest
secret-sealer generate "api-key namespace=staging"
# Batch seal multiple secrets
secret-sealer batch "secret1" "secret2" "secret3"
# Compare secrets across environments
secret-sealer compare "staging vs production db-creds"
# Export all history as CSV
secret-sealer export csv
# Search for past operations
secret-sealer search "production"
# View summary statistics
secret-sealer stats
Output
All commands output structured text to stdout. Use standard shell redirection to capture output:
secret-sealer stats > summary.txt
secret-sealer export json # writes to ~/.local/share/secret-sealer/export.json
Powered by BytesAgain | bytesagain.com | hello@bytesagain.com
相关 Skills
表格处理
by anthropics
围绕 .xlsx、.xlsm、.csv、.tsv 做读写、修复、清洗、格式整理、公式计算与格式转换,适合修改现有表格、生成新报表或把杂乱数据整理成交付级电子表格。
✎ 做 Excel/CSV 相关任务很省心,能直接读写、修复、清洗和格式转换,尤其擅长把乱七八糟的表格整理成交付级文件。
PDF处理
by anthropics
遇到 PDF 读写、文本表格提取、合并拆分、旋转加水印、表单填写或加解密时直接用它,也能提取图片、生成新 PDF,并把扫描件通过 OCR 变成可搜索文档。
✎ PDF杂活别再来回切工具了,文本表格提取、合并拆分到OCR识别一次搞定,连扫描件也能变可搜索。
Word文档
by anthropics
覆盖Word/.docx文档的创建、读取、编辑与重排,适合生成报告、备忘录、信函和模板,也能处理目录、页眉页脚、页码、图片替换、查找替换、修订批注及内容提取整理。
✎ 搞定 .docx 的创建、改写与精排版,目录、批量替换、批注修订和图片更新都能自动化,做正式文档尤其省心。
相关 MCP 服务
文件系统
编辑精选by Anthropic
Filesystem 是 MCP 官方参考服务器,让 LLM 安全读写本地文件系统。
✎ 这个服务器解决了让 Claude 直接操作本地文件的痛点,比如自动整理文档或生成代码文件。适合需要自动化文件处理的开发者,但注意它只是参考实现,生产环境需自行加固安全。
by wonderwhy-er
Desktop Commander 是让 AI 直接执行终端命令、管理文件和进程的 MCP 服务器。
✎ 这工具解决了 AI 无法直接操作本地环境的痛点,适合需要自动化脚本调试或文件批量处理的开发者。它能让你用自然语言指挥终端,但权限控制需谨慎,毕竟让 AI 执行 rm -rf 可不是闹着玩的。
EdgarTools
编辑精选by dgunning
EdgarTools 是无需 API 密钥即可解析 SEC EDGAR 财报的开源 Python 库。
✎ 这个工具解决了金融数据获取的痛点——直接让 AI 读取结构化财报,比如让 Claude 分析苹果的 10-K 文件。适合量化分析师或金融开发者快速构建数据管道。但注意,它依赖 SEC 网站稳定性,高峰期可能延迟。