Secret management with GitOps and Kubernetes can be tricky. As a developer, you want all your configuration in Git, so you can see at a glance how your systems should be configured and manage that configuration the same way you manage your code. But part of your configuration might be sensitive data (passwords, API keys, certificates). Git itself has no access controls on individual files: anyone who can read the repository can read every file in it.
Kara de la Marck presents different strategies for dealing with secrets, so that you don’t expose them to everyone who can read your Git repository.
Introduction: (0:00)
Why Git?: (1:00)
Why Kubernetes?: (2:50)
What’s a Secret?: (5:13)
Security Concern in Git: (6:58)
Strategies for Managing Secrets: (8:58)
To Avoid Storing Secrets in Git: (11:25)
Rules: (13:16)
External Secret Management Systems: (14:34)
Using Jenkins X: (17:23)
Jenkins X 3 Alpha and Community Links: (18:45)
Wrap-up: (19:15)
Q&A: (20:40)
Speaker: Kara de la Marck, CloudBees