When using the bitnami sealed secrets controller1 in your kubernetes cluster you explicitly have to
set the namespace of your secret before generating the SealedSecret .yaml.
When you omit the namespace metadata namespace: default will be added by the kubeseal cli and
the controller will then not be able to decrypt the secret into your actual namespace. You will get the
error message: no key could decrypt secret.
The namespace is part of the encryption to prevent that someone just decrypts the secret into another namespace with different access rights and then will be able to read the contents of the decrypted secret there2.