Dec 2, 2023
Hey Remi, I've had good experience using SOPS, because the decryption steps can be nicely integrated into Terraform or Kustomize, and that doesn't make it any less secure. I even think SOPS is more secure, because the key can be stored in a preferred Trust Store like HashiCorp Vault or GCP KMS, to which you manage access. With the Sealed-secret approach, the private key is stored on the Kubernetes cluster, actually in the sealed-secret deployment/controller, which makes it a bit harder to secure in case your cluster is multitenant.