A plaintext attack

Yes, when an attacker knows or can guess the plaintext corresponding to some ciphertext (encrypted output), it can create a situation known as a "known-plaintext attack" (KPA). Not all encryption schemes are equally vulnerable to known-plaintext attacks. Modern encryption algorithms, like those used in TLS (such as AES), are designed to be resistant to KPAs. That means even if an attacker knows some plaintext-ciphertext pairs, it should not help them decrypt other ciphertexts or recover the encryption key. If the same key is used for encrypting multiple pieces of data (without proper techniques like unique initialization vectors for each encryption), then the system becomes more vulnerable. Reusing keys or initialization vectors (IVs) in certain modes of encryption can expose patterns, making the encryption weaker. If the known/guessable value is something commonly used (like a standard header, greeting, etc.), then the risk might be less than if it's a unique piece of data specific to the application or system.

TLS is designed to be resistant to known-plaintext attacks. Even if an attacker knows a segment of plaintext and its corresponding ciphertext, they shouldn't be able to determine the key or decrypt other segments of the data. Sealed Secrets (if you're referring to the Kubernetes tool) is a way to encrypt secrets for use in Kubernetes clusters. The actual encryption used by Sealed Secrets would depend on its configuration, but it typically uses strong, modern encryption techniques that are resistant to KPAs.