Create onepassword-token For k8s

Mon, 19 Jan 2026 16:59:57 +0000

k create secret generic onepassword-connect-secret \
--from-file=./1password-credentials.json -o yaml > infrastructure/configs/base/onepassword-connect/1_secrets.yaml

kubectl create secret generic onepassword-connect-secret -n onepassword --from-literal=1password-credentials.json="$(cat ./utils/1password-credentials.json | base64)" --dry-run=client -o yaml > infrastructure/configs/base/onepassword-connect/1_secrets.yaml

kubectl create secret -n external-secrets generic onepassword-token --from-literal=token=$OP_CONNECT_TOKEN

Encrypt secrets with SOPS

Thu, 15 Jan 2026 23:09:41 +0000

Generate an age keypair and save it to age.agekey. The public key is used for encryption; keep the private key safe — you’ll need it to decrypt.

$ age-keygen -o age.agekey
Public key: age1helqcqsh9464r8chnwc2fzj8uv7vr5ntnsft0tn45v2xtz0hpfwq98cmsg

Store the private key as a Kubernetes secret in the flux-system namespace so Flux’s SOPS decryption provider can use it to decrypt manifests at apply time.

cat age.agekey |
kubectl create secret generic sops-age \
--namespace=flux-system \
--from-file=age.agekey=/dev/stdin

Encrypt a Kubernetes secret YAML in-place using SOPS. Only fields matching data or stringData are encrypted, leaving the rest of the manifest readable.

Atomic on luvandre

Create onepassword-token For k8s

Encrypt secrets with SOPS