Deep dive into Kubernetes secrets


Delve into the world of Kubernetes secrets management, uncovering myths and truths about securing sensitive information. Learn about storing secrets, encryption practices, and the importance of proper configuration for RBAC. Discover the Swiss Army knife for HashiCorp Vault on Kubernetes and explore techniques for injecting and retrieving secrets. Enhance your knowledge of safeguarding confidential data in Kubernetes environments.

  • Kubernetes
  • Secrets Management
  • Encryption
  • RBAC Config
  • HashiCorp Vault

Uploaded on Feb 20, 2025 | 0 Views



Presentation Transcript


  1. Deep dive into Kubernetes secrets. Sági-Kazár Márk, @sagikazarmark

  2. Myth: Kubernetes secrets aren't secure

  3. Kubernetes secrets: store sensitive information; inject into containers as files or as environment variables

  4. Kubernetes secret example

  5. Kubernetes secret example

  6. This isn't encrypted either

  7. base64 is encoding, not encryption

  8. Kubernetes data (states)

  9. Encryption at rest. Encryption config: encrypt secrets before storing in etcd. Plaintext by default!

  10. Myth: Kubernetes secrets aren't secure. Secrets are stored in plaintext by default (encryption is optional). No control over managed services (trust, compliance). RBAC needs to be configured properly.

  11. Swiss-army knife for HashiCorp Vault on Kubernetes. Secrets are stored safely in Vault. Secret values are injected directly into pods. https://github.com/banzaicloud/bank-vaults

  12. Injecting a secret

  13. Mutating a pod

  14. Retrieve secret from Vault

  15. Other solutions. kube-secrets-init: mutating webhook for AWS/GCP secret stores (inspired by Bank-Vaults). external-secrets: synchronize Kubernetes secrets from external secret stores. Kamus: combination of Bank-Vaults and external-secrets using KMS instead of a secret store.

  16. Thank you! Sági-Kazár Márk, @sagikazarmark
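Slides 7 and 9 as an added example (not taken from the presentation): decoding a Secret's `data` needs no key, and a raw etcd value shows whether an encryption config was in effect when it was written. The manifest, the etcd values and the function names are constructed for illustration; the `k8s:enc:<provider>:<version>:<key name>:` prefix is what the API server writes in front of values it encrypts at rest.

```python
import base64

# Constructed sample: a Secret as returned by the API (values are made up).
SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-credentials"},
    "type": "Opaque",
    "data": {"username": "YWRtaW4=", "password": "czNjcjN0LXBhc3M="},
}

# Constructed raw etcd values: one written with no encryption config
# (protobuf, starts with the magic bytes k8s\x00), one written by aescbc.
ETCD_PLAINTEXT = b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret" + b"\x12\x0bs3cr3t-pass"
ETCD_ENCRYPTED = b"k8s:enc:aescbc:v1:key1:" + bytes(range(16, 64))


def decode_secret_data(manifest):
    """Recover every value in .data with plain base64 decoding; no key is involved."""
    return {k: base64.b64decode(v).decode() for k, v in manifest.get("data", {}).items()}


def classify_etcd_value(raw):
    """Return (state, provider, key_name) for the raw etcd value of a Secret."""
    if not raw.startswith(b"k8s:enc:"):
        return ("plaintext", None, None)
    # maxsplit=5 keeps the ciphertext whole even if it contains ':' bytes.
    parts = raw.split(b":", 5)
    if len(parts) < 6:
        return ("malformed", None, None)
    return ("encrypted", parts[2].decode(), parts[4].decode())


def plaintext_keys(etcd_dump):
    """Given {etcd key: raw value}, list the keys whose values are not encrypted."""
    return sorted(k for k, v in etcd_dump.items()
                  if classify_etcd_value(v)[0] != "encrypted")


if __name__ == "__main__":
    print(decode_secret_data(SAMPLE_SECRET))
    dump = {"/registry/secrets/default/db-credentials": ETCD_PLAINTEXT,
            "/registry/secrets/default/api-token": ETCD_ENCRYPTED}
    print("stored in plaintext:", plaintext_keys(dump))
```

Secrets written before an encryption config was enabled stay in plaintext until they are rewritten, so a check like `plaintext_keys` is worth running after turning encryption on.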
