Davide Imola

Securing secrets in the GitOps Era

Your Kubernetes secrets are just Base64 encoded, not encrypted. Learn two powerful patterns to secure your GitOps workflow.

Securing secrets in the GitOps Era
#1about 8 minutes

Understanding the fundamentals and benefits of GitOps

GitOps uses a Git repository as the single source of truth for declaratively managing infrastructure and application deployments.

#2about 5 minutes

The security risk of storing secrets in Git

Storing Kubernetes secrets directly in a Git repository is insecure because the values are only Base64 encoded, not truly encrypted.

#3about 15 minutes

Encrypting secrets in Git with Sealed Secrets

Sealed Secrets is a Kubernetes operator that uses public-key cryptography to safely encrypt secrets before they are stored in a Git repository.

#4about 3 minutes

Evaluating the pros and cons of Sealed Secrets

While Sealed Secrets are easy to configure and integrate with GitOps, they can be cumbersome for frequent value changes and history retrieval.

#5about 7 minutes

Managing secrets with external secret managers

External secret managers like HashiCorp Vault or cloud provider solutions offer centralized control, web UIs, and easier secret rotation.

#6about 2 minutes

Integrating external secret managers into Kubernetes

Applications can access secrets from external managers by using provider-specific SDKs or by using a Secret Store CSI driver to sync them as native Kubernetes secrets.

#7about 18 minutes

Q&A on GitOps secret management practices

The speaker answers audience questions on topics including key management strategies, multi-tenancy, secure transmission, and CI/CD pipeline integration.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Using Sealed Secrets to safely store secrets in Git
07:30 MIN

Using Sealed Secrets to safely store secrets in Git

Securing Secrets in the GitOps era

The risk of exposing credentials in Git repositories
04:08 MIN

The risk of exposing credentials in Git repositories

Securing Secrets in the GitOps era

Q&A: GitOps, CI tools, and security management
05:19 MIN

Q&A: GitOps, CI tools, and security management

GitOps: The past, present and future

Understanding the fundamentals of GitHub Secrets
02:13 MIN

Understanding the fundamentals of GitHub Secrets

Best Practices for Using GitHub Secrets

Introduction to GitOps and the talk agenda
03:33 MIN

Introduction to GitOps and the talk agenda

Get ready for operations by pull requests

Securing workflows with secrets and best practices
02:32 MIN

Securing workflows with secrets and best practices

CI/CD with Github Actions

Securely handing over credentials and application secrets
03:42 MIN

Securely handing over credentials and application secrets

SRE Methods In an Agency Environment

Key takeaways for securing your application pipeline
02:45 MIN

Key takeaways for securing your application pipeline

Securing Your Web Application Pipeline From Intruders

Featured Partners

Related Videos

See all videos
Securing Secrets in the GitOps era
58:57

Securing Secrets in the GitOps era

Alex Soto

Best Practices for Using GitHub Secrets
36:33

Best Practices for Using GitHub Secrets

Marcel Lupo

External Secrets Operator: the secrets management toolbox for self-sufficient teams
30:07

External Secrets Operator: the secrets management toolbox for self-sufficient teams

Moritz Johner

How to GitOps your cluster with Flux
58:44

How to GitOps your cluster with Flux

Davide Imola

Get ready for operations by pull requests
50:02

Get ready for operations by pull requests

Liviu Costea

GitOps: The past, present and future
47:42

GitOps: The past, present and future

Roberth Strand

Integrating backups into your GitOps Pipeline
25:24

Integrating backups into your GitOps Pipeline

Florian Trieloff

Enhancing Workload Security in Kubernetes
44:00

Enhancing Workload Security in Kubernetes

Dimitrij Klesev & Andreas Zeissner

Related Articles

View all articles
Andre Braun, GitLab
Now is the time for industrialized software development
Now is the time for industrialized software development Recently, I received a letter from my car’s manufacturer alerting me to a recall. They had discovered a defective part and wanted to replace it. It was easily fixed, and I might have forgotten a...
Now is the time for industrialized software development
Daniel Cranney
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!
Inside last week’s Dev Digest 214 . 🕵️ Claude source code leaked, analysed and re-written in 2 days 🐙 GitHub auto-opts users into feeding their code to train their AI 🌐 Pretext shows how to show complex text rendering in the browser 🤖 How to securin...
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!

From learning to earning

Jobs that call for the skills explored in this talk.