We’ve all been there. We did a thing by hand, and it gave us back an API key or a service account.
We have another thing that consumes it. Maybe it’s in a CI pipeline. Maybe it’s a deploy step.
So we did the natural thing: committed the data to git. A short time later we found our data buckets were public, our nodes were crypto-mining, and our Google Maps API key cost had crossed over the price of a bitcoin.
What are (some of) the solutions?
In this presentation I will go through how we (Agilicus) use Google Secret Manager and SOPS with Kustomize, allowing us to have GitOps with security. Use cases include binary signing in The Update Framework, and Kubernetes Secrets.
Come One, Come All