Turtles All the Way Down: Securely Managing Kubernetes Secrets With Secrets - Maya Kaczorowski & Alexandr Tcherniakhovski, Google

less than 1 minute read

Abstract

Secrets are the cornerstones of Kubernetes’ security model; they are used both by Kubernetes itself (e.g., service accounts) and by users (e.g., API keys). In this talk, we will discuss users’ options for protecting secrets in Kubernetes. We’ll start with an overview of how secrets are protected and mounted by default in Kubernetes. Then, we’ll cover improvements that have been made in recent releases, including secrets encryption (1.7), and KMS plugins (1.10 Alpha), and how these work with external providers like cloud KMS plugins and HashiCorp Vault. We’ll discuss the tradeoffs of these options based on your requirements. Lastly, we’ll demo how to use a KMS plugin with Kubernetes, and discuss planned improvements to the secrets system in Kubernetes. You’ll leave with an understanding of your secret management options, and an idea of which one is best for your particular needs.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Turtles All the Way Down: Securely Managing Kubernetes Secrets With Secrets - Maya Kaczorowski & Alexandr Tcherniakhovski, Google

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google