Alex Soto - Securing Secrets in the GitOps era

Learn how to secure your secrets in the GitOps era, covering topics such as Kubernetes secret management, Vault, rotation of secrets, and more.

Key takeaways
  • Secrets management is crucial in GitOps. In the GitOps era, everything is in Git, but secrets are not.
  • Kubernetes secrets are not really secret. If an attacker gains access to the pod, they can get the secrets. Secrets are stored in etcd and are not encrypted by default.
  • GitOps requires secure secrets management. GitOps requires a good strategy for storing and managing secrets in Git, but also in the cluster, and then in the secret management system.
  • Bolt is not enough. Bolt is a good option, but it’s not enough. It provides a good security layer, but secrets are still in memory.
  • Vault is a good option. Vault is a good option for secret management. It provides a secure way to store and manage secrets, and it’s open source.
  • Rotation of secrets and keys is crucial. Rotation of secrets and keys is crucial to ensure the security of the application.
  • GitOps and secrets management require layers. GitOps and secrets management require multiple layers of security to ensure the security of the application.
  • Sealed secrets can be used. Sealed secrets can be used to encrypt secrets in Git.
  • KMS plugin is required. KMS plugin is required to ensure the security of the secrets in the cluster.
  • Dynamic secrets can be used. Dynamic secrets can be used to generate secrets for the application.
  • HashiCorp Vault is a good option. HashiCorp Vault is a good option for secret management. It provides a secure way to store and manage secrets, and it’s open source.
  • Kubernetes secrets can be encrypted. Kubernetes secrets can be encrypted to ensure the security of the application.
  • GitOps requires configuration management. GitOps requires configuration management to ensure the security of the application.
  • Secrets should be stored in a secret management system. Secrets should be stored in a secret management system to ensure the security of the application.

More talks

Pryce Turner - Orchestrating Bioinformatics Workflows Across a Heterogeneous Toolset with Flyte

Benjamin: Unlimited free accounts: your own mail server in 60 minutes

37C3 - A year of surveillance in France: a short satirical tale by La Quadrature du Net

Atlassian’s Journey From Monolith to Microservices (DeveloperWeek Global 2020)

gRPC in .NET: Basics & More • Poornima Nayar • GOTO 2024

AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture

Automatic Image Cropping for Online Classifieds | Alexey Grigorev

Hello, Quantum World! by Jules May