Can Kubernetes Keep a Secret? It all depends what tool you’re using

Can Kubernetes Keep a Secret? It all depends what tool you’re using

  • January 30, 2019
Table of Contents

Can Kubernetes Keep a Secret? It all depends what tool you’re using

At Soluto, we have super-devs who have full ownership: from writing code to deploying it to monitoring. When we made the shift to Kubernetes, we wanted to keep our devs independent and put a lot of effort into allowing them to create services rapidly. It all worked like a charm – until they had to handle credentials.

This challenge leads us to build Kamus – an open source, GitOps, zero trust, secrets solution for Kubernetes applications. Kamus allows you to seamlessly encrypt secret values and commit them to source control. But before diving into how Kamus works, let’s do a quick recap of Kubernetes native secrets solution, and why we even need Kamus.

As you may already know, Kubernetes has a built-in object for secret management, with the super surprising name “Secret”. A Kubernetes secret is a simple object that’s stored securely (e.g. encrypted at rest) by the orchestrator, and can contain arbitrary data in key-value format. Here’s an example of what a Kubernetes secret looks like:

Source: solutotlv.com

Tags :
Share :
comments powered by Disqus

Related Posts

Reaching for the Stars with Ansible Operator

Reaching for the Stars with Ansible Operator

In this post I will show you how to use Roles published to Ansible Galaxy as an Operator to manage an application in Kubernetes. Reusing a Role in this way provides an example of how to create an Operator that simply installs an application with the flexibility to expand and customize the behavior organically as requirements dictate. I will leverage both the Ansible Operator and the k8s module to demonstrate how you can use Ansible to create Kubernetes native applications.

Read More
Moving from Kube2Iam to Kiam

Moving from Kube2Iam to Kiam

At Ibotta, we chose kube2iam to assign AWS IAM Roles to containers running in our Kubernetes cluster. Lately, we’ve run into some issues with it—specifically when running a job that scores all of our service repos. This spins up a number of pods in parallel and has often failed to correctly access roles.

Read More
Kubernetes’ first major security hole discovered

Kubernetes’ first major security hole discovered

Kubernetes has become the most popular cloud container orchestration system by far, so it was only a matter of time until its first major security hole was discovered. And the bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a CVSS 9.8 critical security hole.

Read More