DZone

Background

In my previous post Managing Secrets Deployment in GitOps Workflow I talked about SealedSecrets, which is one of the ways to keep Kubernetes secrets in version control to implement the GitOps workflow. This approach has the following downsides:

  1. The sealed secret is encrypted with its own random asymmetric key that is bound to the sealed secret's name and namespace, so copy-pasting the encrypted data into a secret with another name, or into another namespace, won't work.
  2. Second, by default, SealedSecrets generated for one cluster won't work on another cluster, because each installation of the Bitnami controller generates its own public/private key pair. This makes the overall GitOps implementation cumbersome.

One workaround is to export the key pair from one cluster and import it into the others. However, if the private key on any one cluster is compromised, it grants access to every sealed secret on every cluster that shares that key pair.
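To make the scope binding from point 1 and the shared-key trade-off above concrete, here is a toy model added for this post. It is not code from SealedSecrets or Bitnami: the real controller wraps a per-secret AES-GCM session key with RSA-OAEP, using the namespace/name as the OAEP label, whereas this model uses HMAC-SHA256 and XOR purely to show how binding the scope into the ciphertext makes a sealed secret unusable under another name, namespace or cluster key. The namespace, secret names and plaintext are constructed sample values.

```python
"""Toy model of scope-bound sealing (illustration only, not SealedSecrets code)."""
import hashlib
import hmac
import os


def _keystream(key: bytes, length: int) -> bytes:
    # SHA-256 in counter mode as a stand-in for AES-GCM (toy only).
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(cluster_key: bytes, namespace: str, name: str, plaintext: bytes) -> dict:
    """Encrypt plaintext so it only unseals under the same cluster key, namespace and name."""
    label = f"{namespace}/{name}".encode()          # the scope that gets bound in
    nonce = os.urandom(16)                          # per-secret salt for the wrapping key
    session_key = os.urandom(32)                    # fresh key for every sealed secret
    # Wrapping key depends on the cluster key AND the scope label, so the same
    # ciphertext cannot be unwrapped under another name/namespace.
    wrap_key = hmac.new(cluster_key, b"wrap|" + label + nonce, hashlib.sha256).digest()
    wrapped = _xor(session_key, wrap_key)
    ciphertext = _xor(plaintext, _keystream(session_key, len(plaintext)))
    tag = hmac.new(session_key, label + nonce + wrapped + ciphertext, hashlib.sha256).digest()
    return {
        "namespace": namespace,
        "name": name,
        "nonce": nonce,
        "wrapped_key": wrapped,
        "ciphertext": ciphertext,
        "tag": tag,
    }


def unseal(cluster_key: bytes, namespace: str, name: str, sealed: dict) -> bytes:
    """Decrypt; raises ValueError if the cluster key or the scope does not match."""
    label = f"{namespace}/{name}".encode()
    wrap_key = hmac.new(cluster_key, b"wrap|" + label + sealed["nonce"], hashlib.sha256).digest()
    session_key = _xor(sealed["wrapped_key"], wrap_key)
    expected = hmac.new(
        session_key,
        label + sealed["nonce"] + sealed["wrapped_key"] + sealed["ciphertext"],
        hashlib.sha256,
    ).digest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise ValueError("sealed secret does not match this cluster key, namespace or name")
    return _xor(sealed["ciphertext"], _keystream(session_key, len(sealed["ciphertext"])))


def demo() -> dict:
    """Exercise each scenario from the post and report which ones unseal."""
    cluster_a_key = os.urandom(32)   # constructed: key pair of cluster A
    cluster_b_key = os.urandom(32)   # constructed: key pair of cluster B (own install)
    secret = b"password=example-only"
    sealed = seal(cluster_a_key, "payments", "db-creds", secret)

    attempts = {
        "same_scope": (cluster_a_key, "payments", "db-creds"),
        "other_namespace": (cluster_a_key, "staging", "db-creds"),   # point 1
        "other_name": (cluster_a_key, "payments", "cache-creds"),    # point 1
        "other_cluster": (cluster_b_key, "payments", "db-creds"),    # point 2
        "cluster_b_with_imported_key": (cluster_a_key, "payments", "db-creds"),  # exported key
    }
    results = {}
    for scenario, (key, ns, nm) in attempts.items():
        try:
            results[scenario] = unseal(key, ns, nm, sealed) == secret
        except ValueError:
            results[scenario] = False
    return results


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{scenario:30s} {'unseals' if ok else 'rejected'}")
```

The last scenario is the workaround described above: once cluster B imports cluster A's key, everything sealed for A unseals on B as well, which is exactly why a compromise of that shared key exposes every cluster using it.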
