Engineer for the future of Cloud
June 10-13, 2019
San Jose, CA

Base64 is not encryption: A better story for Kubernetes secrets

Seth Vargo (Google)
9:00am-12:30pm Tuesday, June 11, 2019
Building Secure Systems
Location: LL21 A/B
Average rating: 4.78 (9 ratings)

Level

Intermediate

Prerequisite knowledge

  • Knowledge of security, Kubernetes, and containers (useful but not required)

Materials or downloads needed in advance

  • A laptop with access to the internet and a modern version of the Chrome browser installed

What you'll learn

  • Discover techniques for securely managing secrets in Kubernetes

Description

Secrets are a key pillar of Kubernetes’ security model, used internally (e.g., service accounts) and by users (e.g., API keys), but did you know they’re stored in plaintext? That’s right, by default all Kubernetes secrets are base64 encoded and stored as plaintext in etcd. Anyone with access to the etcd cluster has access to all your Kubernetes secrets.

Thankfully, there are better ways. Seth Vargo provides an overview of different techniques for more securely managing secrets in Kubernetes, including secrets encryption, KMS plug-ins, and tools like HashiCorp Vault. You’ll learn the trade-offs of each approach to make better decisions on how to secure your Kubernetes clusters.
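As an added illustration (not material from the session or its speaker), a kube-apiserver EncryptionConfiguration showing the "identity" setting that reproduces the plaintext-in-etcd default beside the encrypted providers the description refers to; the plugin name, socket path and key material are placeholders:

```yaml
# Added example. Handed to the API server with
#   --encryption-provider-config=/etc/kubernetes/encryption.yaml   (path is a placeholder)
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # Provider order matters: the FIRST entry encrypts every new write,
      # and all entries are tried in order when reading. Putting
      #   - identity: {}
      # first is the same as having no encryption at all: Secret values are
      # stored base64-decoded, as-is, and anyone who can read etcd reads them.

      # Envelope encryption through a KMS plug-in: etcd only ever holds a
      # data-encryption key wrapped by the external KMS, never the raw key.
      - kms:
          name: my-kms-plugin                                   # placeholder
          endpoint: unix:///var/run/kmsplugin/socket.sock       # placeholder
          cachesize: 1000
          timeout: 3s

      # Local key fallback: readable by the API server, so the key file itself
      # must be protected on the control-plane host.
      - aescbc:
          keys:
            - name: key1
              secret: <BASE64_OF_32_RANDOM_BYTES>               # placeholder

      # Kept LAST so Secrets written before encryption was enabled remain
      # readable during migration; remove once everything has been rewritten.
      - identity: {}
```

Existing Secrets are only re-encrypted when they are written again (`kubectl get secrets --all-namespaces -o json | kubectl replace -f -`); afterwards a raw etcd read of a Secret key shows a `k8s:enc:kms:v1:` or `k8s:enc:aescbc:v1:` prefix instead of the plaintext value.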


Seth Vargo

Google

Seth Vargo is an engineer at Google Cloud. Previously he worked at HashiCorp, Chef Software, CustomInk, and some Pittsburgh-based startups. He is the author of Learning Chef and is passionate about reducing inequality in technology. When he is not writing, working on open source, teaching, or speaking at conferences, Seth advises non-profits.