Using kubeseal to make secrets safe to store in a GitOps repo relies on the secrets created by the controller to restore if the cluster is lost. These should be backed up.
Maybe use Ansible vault to make them safe to store in this repo and then deploy them before bootstrapping with Argo. This would make it easy to automate their deployment.
Could store the Ansible vault key in the org's password manager to back that up.
Using
kubeseal
to make secrets safe to store in a GitOps repo relies on the secrets created by the controller to restore if the cluster is lost. These should be backed up.