Davide Imola
Securing secrets in the GitOps Era
#1about 8 minutes
Understanding the fundamentals and benefits of GitOps
GitOps uses a Git repository as the single source of truth for declaratively managing infrastructure and application deployments.
#2about 5 minutes
The security risk of storing secrets in Git
Storing Kubernetes secrets directly in a Git repository is insecure because the values are only Base64 encoded, not truly encrypted.
#3about 15 minutes
Encrypting secrets in Git with Sealed Secrets
Sealed Secrets is a Kubernetes operator that uses public-key cryptography to safely encrypt secrets before they are stored in a Git repository.
#4about 3 minutes
Evaluating the pros and cons of Sealed Secrets
While Sealed Secrets are easy to configure and integrate with GitOps, they can be cumbersome for frequent value changes and history retrieval.
#5about 7 minutes
Managing secrets with external secret managers
External secret managers like HashiCorp Vault or cloud provider solutions offer centralized control, web UIs, and easier secret rotation.
#6about 2 minutes
Integrating external secret managers into Kubernetes
Applications can access secrets from external managers by using provider-specific SDKs or by using a Secret Store CSI driver to sync them as native Kubernetes secrets.
#7about 18 minutes
Q&A on GitOps secret management practices
The speaker answers audience questions on topics including key management strategies, multi-tenancy, secure transmission, and CI/CD pipeline integration.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
18:06 MIN
Using Sealed Secrets to safely store secrets in Git
Securing Secrets in the GitOps era
13:58 MIN
The risk of exposing credentials in Git repositories
Securing Secrets in the GitOps era
42:23 MIN
Q&A: GitOps, CI tools, and security management
GitOps: The past, present and future
00:35 MIN
Understanding the fundamentals of GitHub Secrets
Best Practices for Using GitHub Secrets
30:56 MIN
Securing workflows with secrets and best practices
CI/CD with Github Actions
28:35 MIN
Securely handing over credentials and application secrets
SRE Methods In an Agency Environment
41:45 MIN
Key takeaways for securing your application pipeline
Securing Your Web Application Pipeline From Intruders
00:19 MIN
Introduction to GitOps and the talk agenda
Get ready for operations by pull requests
Featured Partners
Related Videos
58:57Securing Secrets in the GitOps era
Alex Soto
36:33Best Practices for Using GitHub Secrets
Marcel Lupo
56:06Stop Committing Your Secrets - GIt Hooks To The Rescue!
Dwayne McDaniel
30:07External Secrets Operator: the secrets management toolbox for self-sufficient teams
Moritz Johner
58:44How to GitOps your cluster with Flux
Davide Imola
29:50Real-World Security for Busy Developers
Kevin Lewis
50:02Get ready for operations by pull requests
Liviu Costea
33:20DevSecOps: Security in DevOps
Aarno Aukia
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
DevOps Engineer - Kubernetes (w/m/d)
smartclip Europe GmbH
Hamburg, Germany
Intermediate
Senior
GIT
Linux
Python
Kubernetes
Cloud-native Platform Engineer/Architect (Kubernetes / DevOps / GitOps)*
Cegeka Deutschland GmbH
Remote
DevOps
Gitlab
Kubernetes
Kubernetes Lifecycle & Security Engineer / Distributed Cloud - STACKIT (gn)
Webseite STACKIT
Intermediate
Kubernetes
Cloud & DevOps Engineer Kubernetes, GitOps & Observability
AllatNet Recruiting GmbH & Co. KG
DevOps
Docker
Grafana
Jenkins
Terraform
+3
Cloud & DevOps Engineer Kubernetes, GitOps & Observability
AllatNet Recruiting GmbH & Co. KG
DevOps
Docker
Grafana
Jenkins
Terraform
+3