Secrets are a key pillar of Kubernetes’ security model, used internally (e.g., service accounts) and by users (e.g., API keys), but did you know they’re stored in plaintext? That’s right, by default all Kubernetes secrets are base64 encoded and stored as plaintext in etcd. Anyone with access to the etcd cluster has access to all your Kubernetes secrets.
Thankfully, there are better ways. Seth Vargo provides an overview of different techniques for more securely managing secrets in Kubernetes, including secrets encryption, KMS plug-ins, and tools like HashiCorp Vault. You’ll learn the trade-offs of each approach to make better decisions on how to secure your Kubernetes clusters.
Seth Vargo is a developer advocate at Google. Previously, he worked at HashiCorp, Chef, Custom Ink, and a few Pittsburgh-based startups. He’s the author of Learning Chef. Seth is passionate about reducing inequality in technology. When he’s not writing, working on open source, teaching, or speaking at conferences, Seth enjoys spending time with his friends and advising nonprofits. He loves all things bacon.
©2019, O'Reilly Media, Inc.