...

/

How to Secure Secrets

How to Secure Secrets

Explore the insecurities associated with using Secrets and discuss the actions we can perform to secure the environment.

Insecure configurations

Almost everything Kubernetes needs is stored in etcd. This includes Secrets. The problem is that they are stored as plain text. Anyone with access to etcd has access to Kubernetes Secrets. We can limit access to etcd, but that’s not the end of our troubles.

etcd stores data to disk as plain text. Restricting the access to etcd still leaves the Secrets vulnerable to anyone who has access to the file system. That, in a way, diminishes the advantage of storing Secrets in ...