
Moritz Johner
External Secrets Operator: the secrets management toolbox for self-sufficient teams

#1 about 2 minutes
Understanding the fundamentals of secrets management
Secrets management deals with the complete lifecycle of credentials like API keys and passwords to prevent sensitive data exposure.
#2 about 4 minutes
A framework for classifying different types of secrets
Secrets can be categorized by their expiry, creation method, dependencies, and consumer type, which dictates how they should be managed.
#3 about 4 minutes
Centralizing secrets from development, CI/CD, and production
Using a central vault like HashiCorp Vault or AWS Secrets Manager provides control, auditing, and a consistent API for all environments.
#4 about 2 minutes
Overcoming common challenges in secrets management
Key challenges include secret sprawl, complex lifecycle management, poor tooling integration, and users not following security best practices.
#5 about 3 minutes
Introducing the External Secrets Operator for Kubernetes
External Secrets Operator (ESO) is a CNCF project that synchronizes secrets from an external provider into native Kubernetes secrets.
#6 about 4 minutes
Understanding the core concepts and CRDs of ESO
ESO uses SecretStore and ExternalSecret custom resources to define the connection to a provider and specify which secrets to fetch.
#7 about 5 minutes
Using advanced ESO features for complex use cases
ESO supports advanced features like zero-configuration authentication, templating for config files, and multi-tenant isolation across different cloud accounts.
#8 about 5 minutes
Q&A on pod restarts, SOPS, and caching benefits
The operator doesn't restart pods automatically, offers a smaller attack surface than SOPS in Git, and acts as a caching layer for high availability.