Secure Your Secrets in GitOps
Rosemary Wang
May 19, 2022
Learn how to inject secrets into your applications with Flux, a GitOps tool on Kubernetes.
Transcript
Slide 1: Secure Your Secrets in GitOps. May 19, 2021. Rosemary Wang, Developer Advocate at HashiCorp, she/her, @joatmon08. Copyright © 2022 HashiCorp.

Slide 2: Works, but not ideal. Use SOPS to encrypt and store in version control.
1. Use encryption key from Vault to encrypt secret.
2. Commit encrypted secret to version control.
fluxcd.io/docs/guides/mozilla-sops/#encrypting-secrets-using-hashicorp-vault

Slide 3: What happens when you accidentally commit a plaintext secret?

Slide 4: Plan R, AKA Remediation
1. Regret
2. Revoke
3. Rotate
4. Reference
5. Replace
6. Re-run

Slide 5: Is there a better way?

Slide 6: Securing Secrets (Credentials, Tokens, Keys, Certificates)
Kubernetes Secret: Plaintext 😨. Needs role-based access controls 🤔.
Secrets Manager: Securely stores secrets. (Some) Rotate secrets for you. Audits access.

Slide 7: Secrets Manager + Kubernetes. Use file-based secrets injection with Secrets Store CSI Driver.
secrets-store-csi-driver.sigs.k8s.io/
vaultproject.io/docs/platform/k8s/csi
@joatmon08

Slide 8: If you still need Kubernetes secrets… Sync as Kubernetes Secret with Secrets Store CSI Driver.

Slide 9: github.com/joatmon08/hashicorp-vault-flux

Slide 10: Resources
1. hashicorp.com/blog/manage-kubernetes-secrets-for-flux-with-hashicorp-vault
2. fluxcd.io/docs/guides/mozilla-sops/#encrypting-secrets-using-hashicorp-vault
3. secrets-store-csi-driver.sigs.k8s.io/
4. vaultproject.io/docs/platform/k8s/csi
5. vaultproject.io/docs/platform/k8s/injector

Slide 11: Thank you! May 19, 2021. Rosemary Wang, @joatmon08, joatmon08.github.io. Copyright © 2022 HashiCorp.
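
A guard against the accidental plaintext commit the deck asks about, as an added example (not code from the deck or its repository): a check for a pre-commit hook or CI job that flags Kubernetes Secret manifests whose `data` or `stringData` values are not SOPS ciphertext. The manifest text is a constructed sample, the function name is hypothetical, and the line-based parsing assumes block-style YAML with one key per line.

```python
import re

# Constructed sample: a SOPS-encrypted Secret, a plaintext Secret, and a ConfigMap.
SAMPLE = """\
apiVersion: v1
kind: Secret
metadata:
  name: db-encrypted
data:
  password: ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]
sops:
  version: 3.7.3
---
apiVersion: v1
kind: Secret
metadata:
  name: db-plaintext
stringData:
  password: hunter2
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  log_level: debug
"""

def plaintext_secrets(manifest):
    """Return (secret_name, field) pairs whose values are not SOPS ciphertext."""
    findings = []
    for doc in re.split(r"^---[ \t]*$", manifest, flags=re.M):
        if not re.search(r"^kind:[ \t]*Secret[ \t]*$", doc, flags=re.M):
            continue  # only Secret objects are checked; other kinds pass through
        name = re.search(r"^metadata:\n(?:[ \t]+.*\n)*?[ \t]+name:[ \t]*(\S+)", doc, flags=re.M)
        block = None
        for line in doc.splitlines():
            top = re.match(r"(\w+):", line)
            if top:  # a top-level key opens or closes the data/stringData block
                block = top.group(1) if top.group(1) in ("data", "stringData") else None
                continue
            entry = re.match(r"\s+([\w.-]+):\s*(.*)$", line)
            # SOPS writes encrypted values as ENC[...]; anything else is treated as plaintext
            if block and entry and not entry.group(2).strip("'\"").startswith("ENC["):
                findings.append((name.group(1) if name else "?", f"{block}.{entry.group(1)}"))
    return findings

if __name__ == "__main__":
    for secret, field in plaintext_secrets(SAMPLE):
        print(f"plaintext value in Secret/{secret}: {field}")
```

Exiting non-zero when the returned list is non-empty blocks the commit before Plan R is needed.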