How to Secure Secrets

Explore the insecurities associated with using Secrets and discuss the actions we can perform to secure the environment.

We'll cover the following...

Insecure configurations
The way to secure Secrets

Insecure configurations

Almost everything Kubernetes needs is stored in etcd. This includes Secrets. The problem is that they are stored as plain text. Anyone with access to etcd has access to Kubernetes Secrets. We can limit access to etcd, but that’s not the end of our troubles.

etcd stores data to disk as plain text. Restricting the access to etcd still leaves the Secrets vulnerable to anyone who has access to the file system. That, in a way, diminishes the advantage of storing Secrets in ...

How Did We Get Here?

Pods

ReplicaSets

Services

Deployments

Ingress

Volumes

ConfigMaps

Secrets

Namespaces

Securing Kubernetes Clusters

Managing Resources

Creating A Production-Ready Kubernetes Cluster

Create a Production-Ready Kubernetes Cluster

Persisting State

Deploy Stateful Applications with Persistent State

Create a Docker Swarm

Appendix: Running a Kubernetes Cluster Locally

How to Secure Secrets

Insecure configurations