Alex Soto - Securing Secrets in the GitOps era

Security

Discover the importance of securing secrets in the GitOps era, exploring encryption, storage, and rotation methods, including Vault, Kubernetes Secrets, and more, for optimal security and compliance.

Key takeaways

Securing Secrets in the GitOps Era

  • Secrets are no longer just plain text, they need to be encrypted and protected.
  • Traditionally, secrets were kept in files or as environment variables, but this is not secure.
  • Using Kubernetes Secrets is a good starting point, but it has its limitations.
  • Introducing Vault, an open-source secret management tool.
  • Vault provides a secure way to store and manage secrets.
  • Secrets should be stored in a more secure location, such as Vault, rather than in files or environment variables.
  • Rotating secrets regularly is important for security.
  • Using external secrets operators, such as Vault, can provide an additional layer of security.
  • Seal Secrets is a Kubernetes controller that helps to decouple secrets from the application code.
  • HashiCorp Vault Operator can automate secret rotation and promotion.
  • GitOps can be used to manage and deploy secrets across different environments.
  • Using Kubernetes monitoring and logging tools can help detect and prevent security incidents.
  • Remember, there is no such thing as a “secure” secret, only well-secured secrets.

More talks

How To Be a Postgres DBA in a Pinch with Elizabeth Christensen - DjangoCon US 2022

ElixirConf 2023 - Rafal Studnicki - Keeping real-time auctions running during rollout.

37C3 - Unlocked! Recovering files taken hostage by ransomware

Demystifying Web API Security in Azure - Jimmy Bogard - NDC Sydney 2024

Kubernetes Decision by Kobi Biton | Session at DevOpsCon Munich 2022

Kubernetes access control in the enterprise | Jan Bruder

Oliver Tena & Pere Alcoberro - 1 platform and multiple clusters, teams & countries. The Allianz case

Stephen Frost: Advanced Authentication and Encrypted Connections (PGConf.EU 2023)