Moritz Johner
External Secrets Operator: the secrets management toolbox for self-sufficient teams
#1about 2 minutes
Understanding the fundamentals of secrets management
Secrets management deals with the complete lifecycle of credentials like API keys and passwords to prevent sensitive data exposure.
#2about 4 minutes
A framework for classifying different types of secrets
Secrets can be categorized by their expiry, creation method, dependencies, and consumer type, which dictates how they should be managed.
#3about 4 minutes
Centralizing secrets from development, CI/CD, and production
Using a central vault like HashiCorp Vault or AWS Secrets Manager provides control, auditing, and a consistent API for all environments.
#4about 2 minutes
Overcoming common challenges in secrets management
Key challenges include secret sprawl, complex lifecycle management, poor tooling integration, and users not following security best practices.
#5about 3 minutes
Introducing the External Secrets Operator for Kubernetes
External Secrets Operator (ESO) is a CNCF project that synchronizes secrets from an external provider into native Kubernetes secrets.
#6about 4 minutes
Understanding the core concepts and CRDs of ESO
ESO uses SecretStore and ExternalSecret custom resources to define the connection to a provider and specify which secrets to fetch.
#7about 5 minutes
Using advanced ESO features for complex use cases
ESO supports advanced features like zero-configuration authentication, templating for config files, and multi-tenant isolation across different cloud accounts.
#8about 5 minutes
Q&A on pod restarts, SOPS, and caching benefits
The operator doesn't restart pods automatically, offers a smaller attack surface than SOPS in Git, and acts as a caching layer for high availability.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
06:54 MIN
Managing secrets with external secret managers
Securing secrets in the GitOps Era
02:19 MIN
Integrating external secret managers into Kubernetes
Securing secrets in the GitOps Era
15:24 MIN
Encrypting secrets in Git with Sealed Secrets
Securing secrets in the GitOps Era
18:28 MIN
Q&A on GitOps secret management practices
Securing secrets in the GitOps Era
05:19 MIN
Q&A: GitOps, CI tools, and security management
GitOps: The past, present and future
07:30 MIN
Using Sealed Secrets to safely store secrets in Git
Securing Secrets in the GitOps era
03:42 MIN
Securely handing over credentials and application secrets
SRE Methods In an Agency Environment
05:06 MIN
Integrating an external KMS for robust etcd encryption
Securing Secrets in the GitOps era
Featured Partners
Related Videos
58:57Securing Secrets in the GitOps era
Alex Soto
58:52Securing secrets in the GitOps Era
Davide Imola
36:33Best Practices for Using GitHub Secrets
Marcel Lupo
42:45Kubernetes Security - Challenge and Opportunity
Marc Nimmerrichter
26:23OPA for the cloud natives
Philipp Krenn
27:52Chaos in Containers - Unleashing Resilience
Maish Saidel-Keesing
44:00Enhancing Workload Security in Kubernetes
Dimitrij Klesev & Andreas Zeissner
23:08Kubernetes Security Best Practices
Rico Komenda
Related Articles
View all articles
.gif?w=240&auto=compress,format)
From learning to earning
Jobs that call for the skills explored in this talk.
smartclip Europe GmbH
Hamburg, Germany
Intermediate
Senior
GIT
Linux
Python
Kubernetes
AUTO1 Group SE
Berlin, Germany
Intermediate
Senior
ELK
Terraform
Elasticsearch
iits-consulting GmbH
MĂĽnchen, Germany
Intermediate
Go
Docker
DevOps
Kubernetes
SYSKRON GmbH
Regensburg, Germany
Intermediate
Senior
.NET
Python
Kubernetes
Peter Park System GmbH
MĂĽnchen, Germany
Senior
Python
Docker
Node.js
JavaScript
Mittwald CM Service GmbH & Co. KG
Espelkamp, Germany
Intermediate
Senior
Linux
Docker
DevOps
Kubernetes
