Protecting Sensitive Code with Encrypted Container Images on Kubernetes - Brandon Lum & Harshal Patil, IBM

less than 1 minute read

Abstract

Many enterprises are driven by trade secrets in their code - whether it is a proprietary AI model, or a secret high frequency trading strategy. It is of utmost importance that critical algorithms, proprietary code, or other content that is highly sensitive have minimum exposure unencrypted. In this talk, we will show the end-to-end process of how users can create an encrypted container during the build process, to running encrypted container images on a Kubernetes cluster with the proposed ImageDecryptSecrets. We will show how the Encrypted Images OCI spec allows fine-grained encryption through leveraging layering of container images. Finally, we will talk about how Image Encryption will integrate into the container ecosystem, and talk about several possibilities for innovation in the container DevSecOps pipeline.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Protecting Sensitive Code with Encrypted Container Images on Kubernetes - Brandon Lum & Harshal Patil, IBM

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google