Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Secure Your Secrets in GitOps
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Rosemary Wang
May 19, 2022
Programming
140
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Secure Your Secrets in GitOps
Learn how to inject secrets into your applications with Flux, a GitOps tool on Kubernetes.
Rosemary Wang
May 19, 2022
More Decks by Rosemary Wang
See All by Rosemary Wang
From Platform Engineering to AI Automation: Building Infrastructure for Agent Systems
joatmon08
0
93
Context Engineering 101: A Practical Introduction
joatmon08
1
61
Build for massive scale & security with the HashiCorp Cloud Platform
joatmon08
0
100
People, process, and technology for ILM and SLM adoption
joatmon08
0
85
Secure Day 2 operations with Boundary and Vault
joatmon08
0
90
Can You Test Your Infrastructure as Code?
joatmon08
1
140
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
110
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
100
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
140
Other Decks in Programming
See All in Programming
SREの積み重ねがAI駆動開発のガードレールになった ― 7つの実践/SRE Guardrails The 7
tomoyakitaura
8
3.9k
Hunting Vulnerabilities in Symfony with LLMs
vinceamstoutz
0
580
PHPだって関数型したい 〜できること、できないこと〜 / fp-in-php
jsoizo
0
190
SREは、MCPとSRE Agentをこう使え!
kazumax55
0
150
Haskell/Servantを通してWebミドルウェアを捉え直す
pizzacat83
1
480
決定論的オーケストレーションの設計と実装 / Design and Implementation of Deterministic Orchestration
nrslib
4
1.6k
才能?センス?知らん、 続けたもん勝ちだ。-- 結婚・出産・癌を越えてなお、私がプロダクトを創り続ける理由
16bitidol
2
830
AIエージェントで 変わるAndroid開発環境
takahirom
2
490
鹿野さんに聞く!『TypeScriptコードレシピ集』で磨く実践力
tonkotsuboy_com
4
1.1k
「正の参照」と 「負の導出」で組む ハーネスエンジニアリング
cottpan
1
140
act1-costs.pdf
sumedhbala
0
210
エンジニアと一緒にテストコードの設計と実装を改善した話
mototakatsu
0
260
Featured
See All Featured
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
1.5k
KATA
mclloyd
PRO
35
15k
My Coaching Mixtape
mlcsv
0
170
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.8k
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
szymonslowik
1
1.2k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
63
55k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
3
180
Practical Orchestrator
shlominoach
191
11k
How to Ace a Technical Interview
jacobian
281
24k
Highjacked: Video Game Concept Design
rkendrick25
PRO
1
410
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.6k
Designing for Performance
lara
611
70k
Transcript
Copyright © 2022 HashiCorp Secure Your Secrets in GitOps May
19, 2021 Rosemary Wang Developer Advocate at HashiCorp she/her @joatmon08 1
Works, but not ideal. Use SOPS to encrypt and store
in version control. 1 2 3 fluxcd.io/docs/guides/mozilla-sops/#encrypting-secrets-using-hashicorp-vault SOPS 2. Commit encrypted secret to version control. 1. Use encryption key from Vault to encrypt secret. 2
What happens when you accidentally commit a plaintext secret? 3
1. Regret 2. Revoke 3. Rotate 4. Reference 5. Replace
6. Re-run Plan R AKA Remediation 4
Is there a better way? 5
Kubernetes Secret Plaintext 😨 Needs role-based access controls 🤔 Secrets
Manager Securely stores secrets (Some) Rotate secrets for you Audits access Securing Secrets Credentials, Tokens, Keys, Certificates 6
Secrets Manager + Kubernetes Use file-based secrets injection with Secrets
Store CSI Driver. 1 2 3 secrets-store-csi-driver.sigs.k8s.io/ vaultproject.io/docs/platform/k8s/csi @joatmon08 7
If you still need Kubernetes secrets… Sync as Kubernetes Secret
with Secrets Store CSI Driver. 1 2 3 8
github.com/ joatmon08/ hashicorp-vault-flux 9
1. hashicorp.com/blog/manage-kubernetes-secrets- for-flux-with-hashicorp-vault 2. fluxcd.io/docs/guides/mozilla-sops/#encrypting-s ecrets-using-hashicorp-vault 3. secrets-store-csi-driver.sigs.k8s.io/ 4. vaultproject.io/docs/platform/k8s/csi
5. vaultproject.io/docs/platform/k8s/injector Resources 10
Copyright © 2022 HashiCorp Thank you! May 19, 2021 Rosemary
Wang @joatmon08 joatmon08.github.io 11