Alex Soto
Securing Secrets in the GitOps era
#1about 6 minutes
Defining secrets and the layers of security
Secrets are defined using analogies from music to illustrate that security is built in layers, like an onion, with no single silver bullet solution.
#2about 8 minutes
How GitOps streamlines the application delivery process
GitOps is presented as a DevOps methodology where Git serves as the single source of truth for both application code and infrastructure configuration.
#3about 4 minutes
The risk of exposing credentials in Git repositories
A live demo with Argo CD highlights the common mistake of committing plain text credentials and explains why Kubernetes' base64 encoding is not a secure solution.
#4about 8 minutes
Using Sealed Secrets to safely store secrets in Git
The Sealed Secrets project provides a way to encrypt Kubernetes secret manifests before committing them to a public or private Git repository using a public/private key pair.
#5about 6 minutes
The vulnerability of unencrypted secrets within etcd
Even with Sealed Secrets, decrypted secrets are stored in plain text in etcd, creating a vulnerability that can be addressed with Kubernetes' encryption-at-rest feature.
#6about 5 minutes
Integrating an external KMS for robust etcd encryption
To improve on native encryption-at-rest, a Key Management System (KMS) plugin offloads encryption to an external service like HashiCorp Vault, separating keys from the cluster.
#7about 11 minutes
Eliminating secret exposure with direct memory injection
The most secure approach involves applications fetching secrets directly from a secret store like Vault at runtime, holding them only in memory to avoid exposure via files or environment variables.
#8about 11 minutes
Resources and Q&A on modern secrets management
Recommended books are shared, followed by a Q&A covering DevSecOps culture, centralized vs. distributed secrets, and local development workflows.
Related jobs
Jobs that call for the skills explored in this talk.
ROSEN Technology and Research Center GmbH
Osnabrück, Germany
Senior
TypeScript
React
+3
VECTOR Informatik
Stuttgart, Germany
Senior
Kubernetes
Terraform
+1
IGEL Technology GmbH
Bremen, Germany
Senior
Java
IT Security
Matching moments
18:28 MIN
Q&A on GitOps secret management practices
Securing secrets in the GitOps Era
15:24 MIN
Encrypting secrets in Git with Sealed Secrets
Securing secrets in the GitOps Era
05:19 MIN
Q&A: GitOps, CI tools, and security management
GitOps: The past, present and future
04:58 MIN
The security risk of storing secrets in Git
Securing secrets in the GitOps Era
02:45 MIN
Key takeaways for securing your application pipeline
Securing Your Web Application Pipeline From Intruders
03:42 MIN
Securely handing over credentials and application secrets
SRE Methods In an Agency Environment
02:13 MIN
Understanding the fundamentals of GitHub Secrets
Best Practices for Using GitHub Secrets
02:32 MIN
Securing workflows with secrets and best practices
CI/CD with Github Actions
Featured Partners
Related Videos
58:52Securing secrets in the GitOps Era
Davide Imola
36:33Best Practices for Using GitHub Secrets
Marcel Lupo
30:07External Secrets Operator: the secrets management toolbox for self-sufficient teams
Moritz Johner
50:02Get ready for operations by pull requests
Liviu Costea
25:24Integrating backups into your GitOps Pipeline
Florian Trieloff
47:42GitOps: The past, present and future
Roberth Strand
44:00Enhancing Workload Security in Kubernetes
Dimitrij Klesev & Andreas Zeissner
32:55Open Source Secure Software Supply Chain in action
Natale Vinto
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Seidor Gesein
Remote
€104K
DevOps
Terraform
Agile Methodologies
NatWest Group
Manchester, United Kingdom
DevOps
Gitlab
Grafana
Terraform
Kubernetes
+2
NatWest Group
Edinburgh, United Kingdom
DevOps
Gitlab
Grafana
Terraform
Kubernetes
+2