Secrets Management in a GitOps Era: Or, how to avoid your data becoming public and your API cost hitting infinity

2021-02-16 @ 15:00 - 16:00 EST

We’ve all been there. We have a thing we did by hand, it gave us back an API key or a service account.

We have another thing that consumes it. Maybe it's in a CI pipeline. Maybe it's a deploy step.

So we did the natural thing and committed the data to git. A short time later we found our data buckets were public, our nodes were crypto-mining, and our Google Maps API key cost had crossed over the price of a bitcoin.

What are (some of) the solutions?

  • Vault-style technologies (Google Secrets Manager, Hashi Vault, etc.)
  • sops-style solutions (encrypt it and commit it to git)
  • ChatOps flows (the system asks for a secret, then waits for a human)
  • panic and despair

In this presentation I will go through how we (Agilicus) use Google Secrets Manager and SOPS with Kustomize, allowing us to have GitOps with security. Use cases include binary signing in The Update Framework, and Kubernetes Secrets.

Come One, Come All