A Confidential Story of Well-Kept Secrets

For generations, secrets have been kept, shared, and exposed. Most would agree that the best-kept secrets are the ones we've never heard of or told others about. The concepts that revolve around maintaining safe secrets are universal and stem from addressing these questions: "Where is the secret kept?", "Who needs to know about the secret?", "How does the secret get shared with the relevant parties?", and "How do you prevent the secret from being easily interpreted?" The answers can help you create a secure lifecycle for storing, sharing, and consuming secrets. In Kubernetes, a secure secret strategy depends on the answers to these same questions. Now more than ever, the vulnerabilities around the storage, sharing, and consumption of secrets in Kubernetes are well known, and as a result, more likely to be exploited. 

In this talk, Lukonde Mwila will share why addressing these questions can optimize managing sensitive data in Kubernetes. In addition, he'll highlight details of a Kubernetes secret strategy from a real-world project in relation to these questions. Lastly, he'll share how answers to these questions can be used to develop a framework for a secure secret lifecycle in Kubernetes environments with a demo using External Secrets Operator, ArgoCD, and OPA Gatekeeper.