Secrets management deals with the complete lifecycle of credentials like API keys and passwords to prevent sensitive data exposure.
Secrets can be categorized by their expiry, creation method, dependencies, and consumer type, which dictates how they should be managed.
Using a central vault like HashiCorp Vault or AWS Secrets Manager provides control, auditing, and a consistent API for all environments.
Key challenges include secret sprawl, complex lifecycle management, poor tooling integration, and users not following security best practices.
External Secrets Operator (ESO) is a CNCF project that synchronizes secrets from an external provider into native Kubernetes secrets.
ESO uses SecretStore and ExternalSecret custom resources to define the connection to a provider and specify which secrets to fetch.
ESO supports advanced features like zero-configuration authentication, templating for config files, and multi-tenant isolation across different cloud accounts.
The operator doesn't restart pods automatically, offers a smaller attack surface than SOPS in Git, and acts as a caching layer for high availability.
58:52Davide Imola
58:57Alex Soto
16:00Ali Yazdani
36:33Marcel Lupo
42:45Marc Nimmerrichter
17:31Axel Barbier
32:55Natale Vinto
44:00Dimitrij Klesev & Andreas Zeissner
.gif?w=240&auto=compress,format)
Jobs that call for the skills explored in this talk.
smartclip Europe GmbH
Hamburg, Germany
AUTO1 Group SE
Berlin, Germany
iits-consulting GmbH
München, Germany
e.solutions GmbH