Davide Imola
Securing secrets in the GitOps Era
#1about 8 minutes
Understanding the fundamentals and benefits of GitOps
GitOps uses a Git repository as the single source of truth for declaratively managing infrastructure and application deployments.
#2about 5 minutes
The security risk of storing secrets in Git
Storing Kubernetes secrets directly in a Git repository is insecure because the values are only Base64 encoded, not truly encrypted.
#3about 15 minutes
Encrypting secrets in Git with Sealed Secrets
Sealed Secrets is a Kubernetes operator that uses public-key cryptography to safely encrypt secrets before they are stored in a Git repository.
#4about 3 minutes
Evaluating the pros and cons of Sealed Secrets
While Sealed Secrets are easy to configure and integrate with GitOps, they can be cumbersome for frequent value changes and history retrieval.
#5about 7 minutes
Managing secrets with external secret managers
External secret managers like HashiCorp Vault or cloud provider solutions offer centralized control, web UIs, and easier secret rotation.
#6about 2 minutes
Integrating external secret managers into Kubernetes
Applications can access secrets from external managers by using provider-specific SDKs or by using a Secret Store CSI driver to sync them as native Kubernetes secrets.
#7about 18 minutes
Q&A on GitOps secret management practices
The speaker answers audience questions on topics including key management strategies, multi-tenancy, secure transmission, and CI/CD pipeline integration.
Related jobs
Jobs that call for the skills explored in this talk.
Team Lead DevOps (m/w/d)
Rhein-Main-Verkehrsverbund Servicegesellschaft mbH
Frankfurt am Main, Germany
Senior
Matching moments
42:23 MIN
Q&A: GitOps, CI tools, and security management
GitOps: The past, present and future
00:19 MIN
Introduction to GitOps and the talk agenda
Get ready for operations by pull requests
30:56 MIN
Securing workflows with secrets and best practices
CI/CD with Github Actions
41:45 MIN
Key takeaways for securing your application pipeline
Securing Your Web Application Pipeline From Intruders
05:30 MIN
Securing developer access and development tools
Securing your application software supply-chain
28:41 MIN
Answering common questions about implementing GitOps
GitOps: The past, present and future
38:03 MIN
Q&A: Applying GitOps principles without Kubernetes
GitOps: The past, present and future
28:30 MIN
Key benefits and principles of a true GitOps workflow
Everything as Code: A Dozen As-Code Concepts beyond Infrastructure or Configuration as Code
Featured Partners
Related Videos
58:57Securing Secrets in the GitOps era
Alex Soto
36:33Best Practices for Using GitHub Secrets
Marcel Lupo
30:07External Secrets Operator: the secrets management toolbox for self-sufficient teams
Moritz Johner
58:44How to GitOps your cluster with Flux
Davide Imola
50:02Get ready for operations by pull requests
Liviu Costea
47:42GitOps: The past, present and future
Roberth Strand
29:49GitOps for the people
Lian Li
25:24Integrating backups into your GitOps Pipeline
Florian Trieloff
From learning to earning
Jobs that call for the skills explored in this talk.
DevOps Engineer – Kubernetes & Cloud (m/w/d)
epostbox epb GmbH
Berlin, Germany
Intermediate
Senior
DevOps
Kubernetes
Cloud (AWS/Google/Azure)
Devops Engineer * Kubernetes * Java * ELK * Angular
DC&I
The Hague, Netherlands
Java
DevOps
Gitlab
Angular
Openshift
+3
DevOps Engineer (m/w/d) - Kubernetes und GitOps | Hannover und Remote
ETA Personal GmbH
Hannover, Germany
Remote
€53K
API
YAML
REST
+10
Devops Expert - kubernetes / Go / Datadog
ASFOTEC
Canton de Lille-6, France
Remote
Intermediate
Azure
DevOps
Python
Grafana
+3
Ingeniero/a Kubernetes (DevOpS)
Capgemini
Municipality of Madrid, Spain
Bash
DevOps
Python
Kubernetes
Continuous Integration
+1
DevOps Engineer - Azure - Kubernetes - Terraform
Opus Recruitment Solutions
Reading, United Kingdom
€64K
Java
Azure
DevOps
Terraform
+2