Moritz Johner
External Secrets Operator: the secrets management toolbox for self-sufficient teams
#1 · about 2 minutes
Understanding the fundamentals of secrets management
Secrets management deals with the complete lifecycle of credentials like API keys and passwords to prevent sensitive data exposure.
#2 · about 4 minutes
A framework for classifying different types of secrets
Secrets can be categorized by their expiry, creation method, dependencies, and consumer type, which dictates how they should be managed.
#3 · about 4 minutes
Centralizing secrets from development, CI/CD, and production
Using a central vault like HashiCorp Vault or AWS Secrets Manager provides control, auditing, and a consistent API for all environments.
#4 · about 2 minutes
Overcoming common challenges in secrets management
Key challenges include secret sprawl, complex lifecycle management, poor tooling integration, and users not following security best practices.
#5 · about 3 minutes
Introducing the External Secrets Operator for Kubernetes
External Secrets Operator (ESO) is a CNCF project that synchronizes secrets from an external provider into native Kubernetes secrets.
#6 · about 4 minutes
Understanding the core concepts and CRDs of ESO
ESO uses SecretStore and ExternalSecret custom resources to define the connection to a provider and specify which secrets to fetch.
#7 · about 5 minutes
Using advanced ESO features for complex use cases
ESO supports advanced features like zero-configuration authentication, templating for config files, and multi-tenant isolation across different cloud accounts.
#8 · about 5 minutes
Q&A on pod restarts, SOPS, and caching benefits
The operator doesn't restart pods automatically, offers a smaller attack surface than SOPS in Git, and acts as a caching layer for high availability.