Davide Imola

Securing secrets in the GitOps Era

Your Kubernetes secrets are just Base64 encoded, not encrypted. Learn two powerful patterns to secure your GitOps workflow.

Securing secrets in the GitOps Era
#1about 8 minutes

Understanding the fundamentals and benefits of GitOps

GitOps uses a Git repository as the single source of truth for declaratively managing infrastructure and application deployments.

#2about 5 minutes

The security risk of storing secrets in Git

Storing Kubernetes secrets directly in a Git repository is insecure because the values are only Base64 encoded, not truly encrypted.

#3about 15 minutes

Encrypting secrets in Git with Sealed Secrets

Sealed Secrets is a Kubernetes operator that uses public-key cryptography to safely encrypt secrets before they are stored in a Git repository.

#4about 3 minutes

Evaluating the pros and cons of Sealed Secrets

While Sealed Secrets are easy to configure and integrate with GitOps, they can be cumbersome for frequent value changes and history retrieval.

#5about 7 minutes

Managing secrets with external secret managers

External secret managers like HashiCorp Vault or cloud provider solutions offer centralized control, web UIs, and easier secret rotation.

#6about 2 minutes

Integrating external secret managers into Kubernetes

Applications can access secrets from external managers by using provider-specific SDKs or by using a Secret Store CSI driver to sync them as native Kubernetes secrets.

#7about 18 minutes

Q&A on GitOps secret management practices

The speaker answers audience questions on topics including key management strategies, multi-tenancy, secure transmission, and CI/CD pipeline integration.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Q&A: GitOps, CI tools, and security management
42:23 MIN

Q&A: GitOps, CI tools, and security management

GitOps: The past, present and future

Using Sealed Secrets to safely store secrets in Git
18:06 MIN

Using Sealed Secrets to safely store secrets in Git

Securing Secrets in the GitOps era

Introduction to GitOps and the talk agenda
00:19 MIN

Introduction to GitOps and the talk agenda

Get ready for operations by pull requests

The risk of exposing credentials in Git repositories
13:58 MIN

The risk of exposing credentials in Git repositories

Securing Secrets in the GitOps era

Securing workflows with secrets and best practices
30:56 MIN

Securing workflows with secrets and best practices

CI/CD with Github Actions

Key takeaways for securing your application pipeline
41:45 MIN

Key takeaways for securing your application pipeline

Securing Your Web Application Pipeline From Intruders

Securing developer access and development tools
05:30 MIN

Securing developer access and development tools

Securing your application software supply-chain

Answering common questions about implementing GitOps
28:41 MIN

Answering common questions about implementing GitOps

GitOps: The past, present and future

Featured Partners

Related Videos

See all videos
Securing Secrets in the GitOps era58:57

Securing Secrets in the GitOps era

Alex Soto

Best Practices for Using GitHub Secrets36:33

Best Practices for Using GitHub Secrets

Marcel Lupo

Stop Committing Your Secrets - GIt Hooks To The Rescue!56:06

Stop Committing Your Secrets - GIt Hooks To The Rescue!

Dwayne McDaniel

External Secrets Operator: the secrets management toolbox for self-sufficient teams30:07

External Secrets Operator: the secrets management toolbox for self-sufficient teams

Moritz Johner

How to GitOps your cluster with Flux58:44

How to GitOps your cluster with Flux

Davide Imola

DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

A Practitioners Guide to GitOps - Introduction, Principles and Implementation45:58

A Practitioners Guide to GitOps - Introduction, Principles and Implementation

Thomas Schütz

Real-World Security for Busy Developers29:50

Real-World Security for Busy Developers

Kevin Lewis

From learning to earning

Jobs that call for the skills explored in this talk.