Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Secure Your Secrets in GitOps
Search
Rosemary Wang
May 19, 2022
Programming
140
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Secure Your Secrets in GitOps
Learn how to inject secrets into your applications with Flux, a GitOps tool on Kubernetes.
Rosemary Wang
May 19, 2022
More Decks by Rosemary Wang
See All by Rosemary Wang
From Platform Engineering to AI Automation: Building Infrastructure for Agent Systems
joatmon08
0
93
Context Engineering 101: A Practical Introduction
joatmon08
1
61
Build for massive scale & security with the HashiCorp Cloud Platform
joatmon08
0
100
People, process, and technology for ILM and SLM adoption
joatmon08
0
85
Secure Day 2 operations with Boundary and Vault
joatmon08
0
90
Can You Test Your Infrastructure as Code?
joatmon08
1
140
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
110
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
100
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
140
Other Decks in Programming
See All in Programming
Welcome to the "Parametricity" 🏙️ − Generic だけど Specific な世界 −
guvalif
PRO
1
150
ローカルLLMでどこまでコードが書けるか -拡張版 / How much code can be written on a local LLM Extended
kishida
12
4.7k
AI時代の仕事技芸論〜ソフトウェア開発で「遊ぶように働く」職人的熟達のすすめ(スクフェス仙台 2026バージョン)
kuranuki
0
590
鹿野さんに聞く!『TypeScriptコードレシピ集』で磨く実践力
tonkotsuboy_com
4
1.1k
決定論的オーケストレーションの設計と実装 / Design and Implementation of Deterministic Orchestration
nrslib
4
1.6k
Semantic Version 単位で戦略を柔軟に変えて、パッケージアップデートを自動化する
daitasu
1
350
コーディングルールの鮮度を保ちたい for SRE NEXT 2026 / keep-fresh-go-internal-conventions-sre-next-2026
handlename
0
140
AI がコードを書く時代における新卒エンジニアの仕事風景 (2026) / New Graduate Engineers in the Era of AI Coding (2026)
sushichan044
0
210
才能?センス?知らん、 続けたもん勝ちだ。-- 結婚・出産・癌を越えてなお、私がプロダクトを創り続ける理由
16bitidol
2
830
Signal Forms: Details & Live Coding @enterJS 2026 in Mannheim
manfredsteyer
PRO
0
220
TSKaigi Night Talks 2026_TypeScriptでサプライチェーンの整合性を型に閉じ込める
geekplus_tech
0
440
これからAgentCoreを触る方へトレンドはGatewayです
har1101
6
480
Featured
See All Featured
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
55k
Darren the Foodie - Storyboard
khoart
PRO
3
3.4k
The #1 spot is gone: here's how to win anyway
tamaranovitovic
3
1.1k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
180
Paper Plane (Part 1)
katiecoart
PRO
0
9.5k
Prompt Engineering for Job Search
mfonobong
0
370
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
10k
Are puppies a ranking factor?
jonoalderson
1
3.7k
Mind Mapping
helmedeiros
PRO
1
280
How To Speak Unicorn (iThemes Webinar)
marktimemedia
1
500
Color Theory Basics | Prateek | Gurzu
gurzu
0
390
Imperfection Machines: The Place of Print at Facebook
scottboms
270
14k
Transcript
Copyright © 2022 HashiCorp Secure Your Secrets in GitOps May
19, 2021 Rosemary Wang Developer Advocate at HashiCorp she/her @joatmon08 1
Works, but not ideal. Use SOPS to encrypt and store
in version control. 1 2 3 fluxcd.io/docs/guides/mozilla-sops/#encrypting-secrets-using-hashicorp-vault SOPS 2. Commit encrypted secret to version control. 1. Use encryption key from Vault to encrypt secret. 2
What happens when you accidentally commit a plaintext secret? 3
1. Regret 2. Revoke 3. Rotate 4. Reference 5. Replace
6. Re-run Plan R AKA Remediation 4
Is there a better way? 5
Kubernetes Secret Plaintext 😨 Needs role-based access controls 🤔 Secrets
Manager Securely stores secrets (Some) Rotate secrets for you Audits access Securing Secrets Credentials, Tokens, Keys, Certificates 6
Secrets Manager + Kubernetes Use file-based secrets injection with Secrets
Store CSI Driver. 1 2 3 secrets-store-csi-driver.sigs.k8s.io/ vaultproject.io/docs/platform/k8s/csi @joatmon08 7
If you still need Kubernetes secrets… Sync as Kubernetes Secret
with Secrets Store CSI Driver. 1 2 3 8
github.com/ joatmon08/ hashicorp-vault-flux 9
1. hashicorp.com/blog/manage-kubernetes-secrets- for-flux-with-hashicorp-vault 2. fluxcd.io/docs/guides/mozilla-sops/#encrypting-s ecrets-using-hashicorp-vault 3. secrets-store-csi-driver.sigs.k8s.io/ 4. vaultproject.io/docs/platform/k8s/csi
5. vaultproject.io/docs/platform/k8s/injector Resources 10
Copyright © 2022 HashiCorp Thank you! May 19, 2021 Rosemary
Wang @joatmon08 joatmon08.github.io 11