It's well known that Kubernetes is not a good secret keeper. It knows how to record secrets within its etcd but does it without any encryption mechanism to secure them. The results is a secret encoded in base64 open to anyone within enough privileges. Booh would shout the crowd! Well, the Kubernetes project contributors did put in place a framework to leverage a Key Management Service via the usage of a plugin to secure any secrets using an universal mechanism without introducing any specific tooling or processes into your deployment strategies. This session will give a quick tour of the Secret landscape, what is the Kubernetes KMS provider approach and how to use it.