Keeping Kubernetes Secrets Secret - Strategies and Best Practices

Explore a comprehensive conference talk on securing Kubernetes secrets, delivered at Conf42 DevSecOps 2023. Delve into the layers of secret management, understanding DevOps and GitOps principles, and their application in Kubernetes environments. Learn about protecting secrets stored in Git, including sealed secrets and external secrets, with a live demonstration. Examine encryption techniques for data at rest and etcd, and discover various solutions for injecting etcd secrets into deployments. Gain insights into Hashicorp Vault implementation, analyzing its advantages and challenges through a practical demo. Conclude with an overview of the secrets lifecycle and valuable resources for further exploration in Kubernetes security.

intro
preamble
about alex
what is a secret
it's about layers
what is devops and gitops?
what is gitops?
gitops application delivery model
protecting secrets stored in git
sealerd secrets
external secrets
demo
encryption data at rest
encrypt etcd data
possible solutions
how we indect etcd secrets into deployments
hashicorp vault
the good, the bad and the ugly
demo
secrets lifecycle
conclusions
thank you
resources