Secrets are native Kubernetes resources saved in the cluster data store (i.e. the etcd database) and can be made available to your containers at runtime. However, using Secrets optimally isn't so straightforward. There are a number of inherent risks around them, most of which stem from the fact that, by default, Secrets are stored in a non-encrypted format (base64 encoding) in the etcd datastore. In this video, I'll talk about how you can use Sealed Secrets for "one-way" encryption of your Kubernetes Secrets, as well as how to securely access and expose sensitive data as Secrets from centralized secret management systems (e.g. AWS Secrets Manager) with the External Secrets Operator (ESO).
#kubernetes
Resources:
Bitnami Sealed Secrets - github.com/bitnami-labs/sealed-secrets
Mozilla SOPS - github.com/mozilla/sops
External Secrets Operator (ESO) - external-secrets.io/
Timestamps:
0:00 - Introduction
0:27 - Managing Secrets in Kubernetes
01:40 - Bitnami Sealed Secrets Overview
02:52 - Bitnami Sealed Secrets Example
05:59 - Using Centralized Secrets Managers
06:50 - External Secrets Operator (ESO) Overview
07:47 - External Secrets Operator Example with AWS Secrets Manager
Connect:
GitHub: github.com/LukeMwila
Twitter: LuKE9ine
Medium: medium.com/@outlier.developer
LinkedIn: www.linkedin.com/in/lukonde-mwila-25103345/
If you found this video helpful, please like the video and subscribe to the channel!