It's well known that Kubernetes is not a good secret keeper. It knows how to record secrets within its etcd but does it without any encryption mechanism to secure them. The results is a secret encoded in base64 open to anyone within enough privileges. Booh would shout the crowd! Well, the Kubernetes project contributors did put in place a framework to leverage a Key Management Service via the usage of a plugin to secure any secrets using an universal mechanism without introducing any specific tooling or processes into your deployment strategies. This session will give a quick tour of the Secret landscape, what is the Kubernetes KMS provider approach and how to use it.
Ondat
Principal Cloud Architect
Cloud Native Computing Foundation
Organizer
CNCF
Organizer
Linux Foundation (CNCF)
Organizer
CNCF
Organizer