Managing Secrets in GitOps - Best Practices and Tools

Explore the complexities of managing sensitive assets in GitOps implementations in this 29-minute conference talk by Andrew Block from Red Hat. Learn about various tools and strategies for handling secrets securely in Git repositories, including encryption methods, integrations with secrets management engines, and techniques for working with public cloud providers. Discover how to detect sensitive information, implement proper security measures, and leverage GitOps engines for managing confidential resources. Gain insights into tools like Sealed Secrets, Kubernetes CSI Driver, and preventative measures to ensure continuous security. By the end of this talk, acquire the knowledge needed to protect sensitive assets effectively in your GitOps solutions.

Intro
GitOps Principles
Where sensitive assets come from
Managing GitOps the wrong way
Implications of improper secrets management
How to store secrets
Which tool is the right one
GitOps traits
Where to store secrets
How to reference secrets
Tools
Kubernetes
Sealed Secrets
GitOps Engine
How to Use Secrets
How to Consume Secrets
Limitations to Secrets
Sidecar
Kubernetes CSI Driver
Implementing CSI Driver in Kubernetes
Preventative Measures
Security is Continuous
Thank you