Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Secure Your Secrets in GitOps
Search
Rosemary Wang
May 19, 2022
Programming
140
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Secure Your Secrets in GitOps
Learn how to inject secrets into your applications with Flux, a GitOps tool on Kubernetes.
Rosemary Wang
May 19, 2022
More Decks by Rosemary Wang
See All by Rosemary Wang
From Platform Engineering to AI Automation: Building Infrastructure for Agent Systems
joatmon08
0
94
Context Engineering 101: A Practical Introduction
joatmon08
1
63
Build for massive scale & security with the HashiCorp Cloud Platform
joatmon08
0
100
People, process, and technology for ILM and SLM adoption
joatmon08
0
85
Secure Day 2 operations with Boundary and Vault
joatmon08
0
90
Can You Test Your Infrastructure as Code?
joatmon08
1
140
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
110
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
100
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
140
Other Decks in Programming
See All in Programming
ローカルLLMでどこまでコードが書けるか -縮小版 / How much code can be written on a local LLM Shortened
kishida
2
190
Claude Opus 4.6以後の受託開発エンジニアの変化(Claude Code開発ノウハウ大公開スペシャルbyクラスメソッド)
iidatakuma
1
580
OSINT for SRE: 学術論文とポストモーテムから探る システム障害の共通パターン / SRE NEXT 2026
tomoyk
1
3.5k
壊れたパーサから始める関数型設計と構成的なパーサ #fp_matsuri
raiga0310
2
200
気圧・高度・GPSを記録&可視化するアプリ「Koudo」を作った話
hjmkth
1
350
ローカルLLMでどこまでコードが書けるか -拡張版 / How much code can be written on a local LLM Extended
kishida
12
4.7k
Honoでのサプライチェーン侵害対策 〜 3つのライブラリに学ぶ
yusukebe
7
1.8k
AI時代、エンジニアはどう育つのか -未経験エンジニアの成長を間近で見て考えたこと-
thasu0123
0
100
【やさしく解説 設計編 #0】DDDのコード、読めるのに分からない人へ
panda728
PRO
2
260
AI 輔助遺留系統現代化的經驗分享
jame2408
1
1.2k
自作OSでスライド発表する
uyuki234
1
3.8k
Webフレームワークの ベンチマークについて
yusukebe
0
200
Featured
See All Featured
Measuring & Analyzing Core Web Vitals
bluesmoon
9
880
The untapped power of vector embeddings
frankvandijk
2
1.8k
The SEO identity crisis: Don't let AI make you average
varn
0
510
The Spectacular Lies of Maps
axbom
PRO
1
850
The Limits of Empathy - UXLibs8
cassininazir
1
450
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
118
120k
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
1
310
Discover your Explorer Soul
emna__ayadi
2
1.2k
Between Models and Reality
mayunak
4
370
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
1
1.4k
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.6k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.4k
Transcript
Copyright © 2022 HashiCorp Secure Your Secrets in GitOps May
19, 2021 Rosemary Wang Developer Advocate at HashiCorp she/her @joatmon08 1
Works, but not ideal. Use SOPS to encrypt and store
in version control. 1 2 3 fluxcd.io/docs/guides/mozilla-sops/#encrypting-secrets-using-hashicorp-vault SOPS 2. Commit encrypted secret to version control. 1. Use encryption key from Vault to encrypt secret. 2
What happens when you accidentally commit a plaintext secret? 3
1. Regret 2. Revoke 3. Rotate 4. Reference 5. Replace
6. Re-run Plan R AKA Remediation 4
Is there a better way? 5
Kubernetes Secret Plaintext 😨 Needs role-based access controls 🤔 Secrets
Manager Securely stores secrets (Some) Rotate secrets for you Audits access Securing Secrets Credentials, Tokens, Keys, Certificates 6
Secrets Manager + Kubernetes Use file-based secrets injection with Secrets
Store CSI Driver. 1 2 3 secrets-store-csi-driver.sigs.k8s.io/ vaultproject.io/docs/platform/k8s/csi @joatmon08 7
If you still need Kubernetes secrets… Sync as Kubernetes Secret
with Secrets Store CSI Driver. 1 2 3 8
github.com/ joatmon08/ hashicorp-vault-flux 9
1. hashicorp.com/blog/manage-kubernetes-secrets- for-flux-with-hashicorp-vault 2. fluxcd.io/docs/guides/mozilla-sops/#encrypting-s ecrets-using-hashicorp-vault 3. secrets-store-csi-driver.sigs.k8s.io/ 4. vaultproject.io/docs/platform/k8s/csi
5. vaultproject.io/docs/platform/k8s/injector Resources 10
Copyright © 2022 HashiCorp Thank you! May 19, 2021 Rosemary
Wang @joatmon08 joatmon08.github.io 11