Can Kubernetes Keep a Secret? It all depends what tool you’re using

Can Kubernetes Keep a Secret? It all depends what tool you’re using

  • January 30, 2019
Table of Contents

Can Kubernetes Keep a Secret? It all depends what tool you’re using

At Soluto, we have super-devs who have full ownership: from writing code to deploying it to monitoring. When we made the shift to Kubernetes, we wanted to keep our devs independent and put a lot of effort into allowing them to create services rapidly. It all worked like a charm – until they had to handle credentials.

This challenge leads us to build Kamus – an open source, GitOps, zero trust, secrets solution for Kubernetes applications. Kamus allows you to seamlessly encrypt secret values and commit them to source control. But before diving into how Kamus works, let’s do a quick recap of Kubernetes native secrets solution, and why we even need Kamus.

As you may already know, Kubernetes has a built-in object for secret management, with the super surprising name “Secret”. A Kubernetes secret is a simple object that’s stored securely (e.g. encrypted at rest) by the orchestrator, and can contain arbitrary data in key-value format. Here’s an example of what a Kubernetes secret looks like:

Source: solutotlv.com

Tags :
Share :
comments powered by Disqus

Related Posts

Docker and Kubernetes in high security environments

Docker and Kubernetes in high security environments

This is brief summary of parts of my master’s thesis and the conclusions to draw from it. This medium-story focuses on containerized application isolation. The thesis also covers segmentation of cluster networks in Kubernetes which is not discussed in this story.

Read More
Container Storage Interface (CSI) for Kubernetes GA

Container Storage Interface (CSI) for Kubernetes GA

The Kubernetes implementation of the Container Storage Interface (CSI) has been promoted to GA in the Kubernetes v1.13 release. Support for CSI was introduced as alpha in Kubernetes v1.9 release, and promoted to beta in the Kubernetes v1.10 release. The GA milestone indicates that Kubernetes users may depend on the feature and its API without fear of backwards incompatible changes in future causing regressions.

Read More
Running Kubernetes in the Federal Government

Running Kubernetes in the Federal Government

Tackling security compliance is a long and challenging process for agencies, systems integrators, and vendors trying to launch new information systems in the federal government. Each new information system must go through the Risk Management Framework (RMF) created by the National Institute of Standards and Technology (NIST) in order to obtain authority to operate (ATO). This process is often long and tedious and can last for over a year.

Read More