#!/bin/bash
echo "Encrypt secret with 'sealed-secrets'"
kubectl -n default create secret generic cloudflare-api-token-secret \
--from-literal=api-token="$1" \
--namespace="cert-manager" \
--dry-run=client \
-o yaml > cloudflare-secret.yaml
echo "secret: $1"
kubeseal \
  --format=yaml \
  --controller-name=sealed-secrets \
  --controller-namespace=kube-system \
< cloudflare-secret.yaml > cloudflare-secret.sealed.yaml
echo "Updated/created secret"
rm cloudflare-secret.yaml