EncryptionLabel returns the label meant to be used for encrypting a sealed secret according to scope.

NewSealedSecret creates a new SealedSecret object wrapping the provided secret.

NewSealedSecretV1 creates a new SealedSecret object wrapping the provided secret.

Resource takes an unqualified resource and returns a Group qualified GroupResource.

SecretScope returns the scope of a secret to be sealed, as annotated in its metadata.

StripLastAppliedAnnotations strips annotations added by tools such as kubectl and kubecfg that contain a full copy of the original object kept in the annotation for strategic-merge-patch purposes.

UpdateScopeAnnotations updates the annotation map so that it reflects the desired scope.

The ClusterWideScope allows the sealed secret to be unsealed in any namespace of the cluster.

The DefaultScope is currently the StrictScope.

GroupName is the group name used in this package.

The NamespaceWideScope only pins a sealed secret to a specific namespace.

SealedSecretClusterWideAnnotation is the name for the annotation for setting the secret to be available cluster wide.

SealedSecretManagedAnnotation is the name for the annotation for flagging existing secrets to be managed by the Sealed Secrets controller.

SealedSecretName is the name used in SealedSecret CRD.

SealedSecretNamespaceWideAnnotation is the name for the annotation for setting the secret to be available namespace wide.

SealedSecretPatchAnnotation is the name for the annotation for flagging existing secrets to be patched instead of overwritten by the Sealed Secrets controller.

SealedSecretPlural is the collection plural used with SealedSecret API.

SealedSecretSkipSetOwnerReferencesAnnotation is the name for the annotation for flagging the controller not to set owner reference to secret.

SealedSecretSynced means the SealedSecret has been decrypted and the Secret has been updated successfully.

The StrictScope pins the sealed secret to a specific namespace and a specific name.

TODO(mkm): remove after a release.

AddToScheme is a global function that registers this API group & version to a scheme.

SchemeBuilder adds this group to scheme.

SchemeGroupVersion is the group version used to register these objects.

SealedSecret is the K8s representation of a "sealed Secret" - a regular k8s Secret that has been sealed (encrypted) using the controller's key.

SealedSecretCondition describes the state of a sealed secret at a certain point.

SealedSecretList represents a list of SealedSecrets.

SealedSecretSpec is the specification of a SealedSecret.

SealedSecretStatus is the most recently observed status of the SealedSecret.

SecretTemplateSpec describes the structure a Secret should have when created from a template.

SealedSecretExpansion has methods to work with SealedSecrets resources.

ByCreationTimestamp is used to sort a list of secrets.

SealedSecretConditionType describes the type of SealedSecret condition.

+kubebuilder:pruning:PreserveUnknownFields.

SealingScope is an enum that declares the mobility of a sealed secret by defining in which scopes.