Kubernetes secrets - are they really?

Jon Arild Tørresdal

Short workshop - in English

From the Kubernetes docs:

Kubernetes secret objects let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.

Are these secret objects really secret? It depends on your requirements for how private your secrets should be, but most likely they are less private than you think.

Working in a bank, we have certain secrets no one should ever see or know, except for the systems using them. Can we use secret objects for these? No, but there exists solutions that nicely integrates with Kubernetes, that are secure, free and open source.

What if you store your secrets in a Key Vault? How do you access these without manually adding (and updating) them to Kubernetes, and at the same time take advantage of how Pods nicely integrates with secrets? Again, there are elegant ways to solve this too.

In this workshop we will dive into how secret objects are stored and managed in Kubernetes, which limitations you should be aware of, and how to use open source solutions to overcome these limitations. One of the solutions is the popular open siurce project Azure Key Vauly to Kubernetes, authored by Jon Arild. 

Primarily for: Developers, Tester/test leads, Architects, Security professionals, Product developers

Participant requirements: Laptop.