A Better Story for Kubernetes Secrets

Discover techniques for securing Kubernetes secrets in this 37-minute conference talk from Strange Loop. Learn about the vulnerabilities of plaintext values in etcd and explore various approaches to protect sensitive information. Delve into encryption methods, KMS plugins, and tools like HashiCorp Vault, while understanding the tradeoffs of each solution. Follow along as Seth Vargo, an engineer at Google Cloud, guides you through application layer encryption, Kubernetes defaults, envelope encryption, and encryption provider configuration. Gain insights into the Volt tool and leave with a comprehensive understanding of how to better secure your Kubernetes clusters.

Introduction
Why do we care
Ways to protect secrets
Application layer encryption
Kubernetes defaults
Encryption
Envelope Encryption
Summary
Drawbacks
Plugins
Encryption Provider Configuration
Volt
Recap