Davide Imola

Securing secrets in the GitOps Era

Your Kubernetes secrets are just Base64 encoded, not encrypted. Learn two powerful patterns to secure your GitOps workflow.

Securing secrets in the GitOps Era
#1about 8 minutes

Understanding the fundamentals and benefits of GitOps

GitOps uses a Git repository as the single source of truth for declaratively managing infrastructure and application deployments.

#2about 5 minutes

The security risk of storing secrets in Git

Storing Kubernetes secrets directly in a Git repository is insecure because the values are only Base64 encoded, not truly encrypted.

#3about 15 minutes

Encrypting secrets in Git with Sealed Secrets

Sealed Secrets is a Kubernetes operator that uses public-key cryptography to safely encrypt secrets before they are stored in a Git repository.

#4about 3 minutes

Evaluating the pros and cons of Sealed Secrets

While Sealed Secrets are easy to configure and integrate with GitOps, they can be cumbersome for frequent value changes and history retrieval.

#5about 7 minutes

Managing secrets with external secret managers

External secret managers like HashiCorp Vault or cloud provider solutions offer centralized control, web UIs, and easier secret rotation.

#6about 2 minutes

Integrating external secret managers into Kubernetes

Applications can access secrets from external managers by using provider-specific SDKs or by using a Secret Store CSI driver to sync them as native Kubernetes secrets.

#7about 18 minutes

Q&A on GitOps secret management practices

The speaker answers audience questions on topics including key management strategies, multi-tenancy, secure transmission, and CI/CD pipeline integration.

Related jobs
Jobs that call for the skills explored in this talk.

Remote

Name of

Name of

Remote
Intermediate
PHP
Java
+1

Matching moments

Using Sealed Secrets to safely store secrets in Git
07:30 MIN

Using Sealed Secrets to safely store secrets in Git

Securing Secrets in the GitOps era

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
The risk of exposing credentials in Git repositories
04:08 MIN

The risk of exposing credentials in Git repositories

Securing Secrets in the GitOps era

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Q&A: GitOps, CI tools, and security management
05:19 MIN

Q&A: GitOps, CI tools, and security management

GitOps: The past, present and future

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Understanding the fundamentals of GitHub Secrets
02:13 MIN

Understanding the fundamentals of GitHub Secrets

Best Practices for Using GitHub Secrets

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Introduction to GitOps and the talk agenda
03:33 MIN

Introduction to GitOps and the talk agenda

Get ready for operations by pull requests

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Securing workflows with secrets and best practices
02:32 MIN

Securing workflows with secrets and best practices

CI/CD with Github Actions

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Securely handing over credentials and application secrets
03:42 MIN

Securely handing over credentials and application secrets

SRE Methods In an Agency Environment

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Key takeaways for securing your application pipeline
02:45 MIN

Key takeaways for securing your application pipeline

Securing Your Web Application Pipeline From Intruders

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.

Featured Partners

Related Videos

See all videos
Securing Secrets in the GitOps era58:57

Securing Secrets in the GitOps era

Alex Soto

Best Practices for Using GitHub Secrets36:33

Best Practices for Using GitHub Secrets

Marcel Lupo

External Secrets Operator: the secrets management toolbox for self-sufficient teams30:07

External Secrets Operator: the secrets management toolbox for self-sufficient teams

Moritz Johner

How to GitOps your cluster with Flux58:44

How to GitOps your cluster with Flux

Davide Imola

Get ready for operations by pull requests50:02

Get ready for operations by pull requests

Liviu Costea

GitOps: The past, present and future47:42

GitOps: The past, present and future

Roberth Strand

GitOps for the people29:49

GitOps for the people

Lian Li

Integrating backups into your GitOps Pipeline25:24

Integrating backups into your GitOps Pipeline

Florian Trieloff

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
Dev Digest 129 - Now that's what I call private data!
News and ArticlesAfter declaring Google a monopoly there are now considerations to force it to break up - isn't that what the whole Alphabet thing was about? In the last act of Crowdstrike coverage here, they released a deep analysis of the outage th...
Dev Digest 129 - Now that's what I call private data!

From learning to earning

Jobs that call for the skills explored in this talk.