# Sealed Secrets (/docs/runtime/components/sealed-secrets)



Component Category [#component-category]

Continuous integration and delivery / secret management

Component Description [#component-description]

Sealed Secrets is a Kubernetes tool that encrypts secrets so they can be stored safely in Git and decrypted only inside the target cluster.

Why It Is Used [#why-it-is-used]

In BullSequana AI Runtime, Sealed Secrets supports a GitOps-friendly way of handling sensitive values during deployment. It allows encrypted secrets to travel through source control and delivery pipelines without exposing the raw secret material outside the cluster.

Learn More [#learn-more]

* [Sealed Secrets documentation](https://github.com/bitnami-labs/sealed-secrets)
* [bitnami-labs/sealed-secrets on GitHub](https://github.com/bitnami-labs/sealed-secrets)

Interacts With [#interacts-with]

* `Argo CD`, because encrypted secrets are typically reconciled as part of the GitOps deployment flow.
* `GitLab`, where the encrypted manifests can be versioned and reviewed safely.
* `Reflector`, in environments where decrypted secrets then need controlled propagation across namespaces.