privilegedescalation/headlamp-sealed-secrets-plugin
Archived
12
0
Fork 0
Code Issues 2 Pull Requests 2 Actions Packages Projects Releases 27 Wiki Activity

docs: remove marketing language and add Artifact Hub README

Browse Source 
Removed marketing fluff:
- Replaced "Zero Trust Architecture" with factual "How It Works"
- Removed buzzwords and kept technical accuracy
- Simplified security explanation to be clear and honest

Added Artifact Hub README:
- Created README.md for v0.2.4 release directory
- Clean, professional documentation without marketing speak
- Focused on features, usage, and troubleshooting
- Will appear on Artifact Hub package page

Both READMEs now:
- Provide accurate technical information
- Avoid exaggerated claims
- Focus on what the plugin actually does
- Keep language straightforward and honest

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
This commit is contained in:
Chris Farhood
2026-02-12 11:15:48 -05:00
parent 0199c8c330
commit 319d02f849
2 changed files with 130 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+12 -21
View File
@@ -165,28 +165,19 @@ echo -n "$DB_PASSWORD" | kubeseal \
## 🔒 Security
### Zero Trust Architecture
```
┌─────────────────────────────────────────────┐
│ User's Browser │
│ │
1. User enters plaintext: "mysecret" │
2. Plugin encrypts locally (RSA-OAEP) │
│ 3. Sends ONLY encrypted data │
│ │
│ ✅ Plaintext NEVER on network │
└─────────────────────────────────────────────┘
│ Only encrypted data
┌─────────────────────────────────────────────┐
│ Kubernetes Cluster │
│ │
│ 4. Controller decrypts server-side │
│ 5. Creates plain Secret in cluster │
└─────────────────────────────────────────────┘
```
### How It Works
The plugin encrypts secrets client-side before sending them to Kubernetes:
1. User enters plaintext values in the browser
2. Plugin fetches controller's public certificate
3. Values are encrypted using RSA-OAEP + AES-256-GCM
4. Only encrypted data is sent to Kubernetes
5. Controller decrypts and creates the Secret
Plaintext values never leave your browser.
### Security Features