Alex Soto
Securing Secrets in the GitOps era
#1about 6 minutes
Defining secrets and the layers of security
Secrets are defined using analogies from music to illustrate that security is built in layers, like an onion, with no single silver bullet solution.
#2about 8 minutes
How GitOps streamlines the application delivery process
GitOps is presented as a DevOps methodology where Git serves as the single source of truth for both application code and infrastructure configuration.
#3about 4 minutes
The risk of exposing credentials in Git repositories
A live demo with Argo CD highlights the common mistake of committing plain text credentials and explains why Kubernetes' base64 encoding is not a secure solution.
#4about 8 minutes
Using Sealed Secrets to safely store secrets in Git
The Sealed Secrets project provides a way to encrypt Kubernetes secret manifests before committing them to a public or private Git repository using a public/private key pair.
#5about 6 minutes
The vulnerability of unencrypted secrets within etcd
Even with Sealed Secrets, decrypted secrets are stored in plain text in etcd, creating a vulnerability that can be addressed with Kubernetes' encryption-at-rest feature.
#6about 5 minutes
Integrating an external KMS for robust etcd encryption
To improve on native encryption-at-rest, a Key Management System (KMS) plugin offloads encryption to an external service like HashiCorp Vault, separating keys from the cluster.
#7about 11 minutes
Eliminating secret exposure with direct memory injection
The most secure approach involves applications fetching secrets directly from a secret store like Vault at runtime, holding them only in memory to avoid exposure via files or environment variables.
#8about 11 minutes
Resources and Q&A on modern secrets management
Recommended books are shared, followed by a Q&A covering DevSecOps culture, centralized vs. distributed secrets, and local development workflows.
Related jobs
Jobs that call for the skills explored in this talk.
VECTOR Informatik
Stuttgart, Germany
Senior
Kubernetes
Terraform
+1
Matching moments
01:32 MIN
Organizing a developer conference for 15,000 attendees
Cat Herding with Lions and Tigers - Christian Heilmann
03:17 MIN
Selecting strategic partners and essential event tools
Cat Herding with Lions and Tigers - Christian Heilmann
02:39 MIN
Establishing a single source of truth for all data
Cat Herding with Lions and Tigers - Christian Heilmann
04:57 MIN
Increasing the value of talk recordings post-event
Cat Herding with Lions and Tigers - Christian Heilmann
04:49 MIN
Using content channels to build an event community
Cat Herding with Lions and Tigers - Christian Heilmann
03:39 MIN
Breaking down silos between HR, tech, and business
What 2025 Taught Us: A Year-End Special with Hung Lee
02:44 MIN
Rapid-fire thoughts on the future of work
What 2025 Taught Us: A Year-End Special with Hung Lee
04:22 MIN
Why HR struggles with technology implementation and adoption
What 2025 Taught Us: A Year-End Special with Hung Lee
Featured Partners
Related Videos
58:52Securing secrets in the GitOps Era
Davide Imola
36:33Best Practices for Using GitHub Secrets
Marcel Lupo
56:06Stop Committing Your Secrets - GIt Hooks To The Rescue!
Dwayne McDaniel
30:07External Secrets Operator: the secrets management toolbox for self-sufficient teams
Moritz Johner
33:20DevSecOps: Security in DevOps
Aarno Aukia
50:02Get ready for operations by pull requests
Liviu Costea
29:50Real-World Security for Busy Developers
Kevin Lewis
45:58A Practitioners Guide to GitOps - Introduction, Principles and Implementation
Thomas Schütz
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Sólo para miembros registrados
Barcelona, Spain
€55-75K
Senior
Bash
Azure
Linux
Kafka
+10
Sólo para miembros registrados
Barcelona, Spain
€50-75K
Senior
Bash
Azure
Linux
DevOps
+7