Kubernetes secrets - are they really?
Jon Arild Tørresdal
Short workshop - in English
From the Kubernetes docs:
secret objects let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.
Are these secret objects really secret? It depends on your requirements for how private your secrets should be, but most likely they are less private than you think.
Working in a bank, we have certain secrets no one should ever see or know, except for the systems using them. Can we use secret objects for these? No, but there exist solutions that integrate nicely with Kubernetes and that are secure, free and open source.
What if you store your secrets in a Key Vault? How do you access these without manually adding (and updating) them to Kubernetes, and at the same time take advantage of how Pods integrate nicely with secrets? Again, there are elegant ways to solve this too.
In this workshop we will dive into how secret objects are stored and managed in Kubernetes, which limitations you should be aware of, and how to use open source solutions to overcome these limitations. One of the solutions is the popular open source project Azure Key Vault to Kubernetes, authored by Jon Arild.
Primarily for: Developers, Tester/test leads, Architects, Security professionals, Product developers
Participant requirements: Laptop.