Secrets are a vital part of operating, not only a bank, but every software system. I will outline how we are handling secrets at Lunar, what the pros and cons of our current approach is and discuss the properties we are looking for in a solid secrets management solution.
Recently, we started using ArgoCD and GitOps, and to be able to handle our secrets in a GitOps environment, we needed to investigate in a secret manager. We chose External Secrets and in this presentation I will tell you how it works and how it fits in our workflow at Annotell.
What is this Vault thing people are talking about? In this talk I will do a quick presentation on HashiCorp Vault. You will hear about the ways we used Vault in an air gapped environment and how we controlled data. In a broader scope, you will also hear how you can integrate HashiCorp Vault with Kubernetes and use ServiceAccounts as as way to authenticate to Vault.
13:50 Event wrap-up and discussions
Peter Steffensen is a Security Engineer at Lunar. He started his career developing software for Hardware Security Modules and later moved on to do security consultant work mainly focused on cloud security. Currently he is trying to make life as easy as possible for the Lunar engineers while at the same time injecting security into every part of the development process.
Henrik Høegh is a Cloud Native Co-organizer in Cloud Native Aarhus where he contributes to the community with event planning and talks. He works as Platform Engineer at Lunar maturing, developing the platform and giving support to its users. He speaks at meetups and conferences to share and network, and he also teach platform engineering in his Platform Engineering Courses next to working at Lunar.