Secrets management deals with the complete lifecycle of credentials like API keys and passwords to prevent sensitive data exposure.
Secrets can be categorized by their expiry, creation method, dependencies, and consumer type, which dictates how they should be managed.
Using a central vault like HashiCorp Vault or AWS Secrets Manager provides control, auditing, and a consistent API for all environments.
Key challenges include secret sprawl, complex lifecycle management, poor tooling integration, and users not following security best practices.
External Secrets Operator (ESO) is a CNCF project that synchronizes secrets from an external provider into native Kubernetes secrets.
ESO uses SecretStore and ExternalSecret custom resources to define the connection to a provider and specify which secrets to fetch.
ESO supports advanced features like zero-configuration authentication, templating for config files, and multi-tenant isolation across different cloud accounts.
The operator doesn't restart pods automatically, offers a smaller attack surface than SOPS in Git, and acts as a caching layer for high availability.
Raiffeisen Bank International AG
Vienna, Austria
58:52Davide Imola
58:57Alex Soto
16:00Ali Yazdani
36:33Marcel Lupo
42:45Marc Nimmerrichter
17:31Axel Barbier
32:55Natale Vinto
31:48Jan Steffen
Jobs that call for the skills explored in this talk.
Enclaive Gmbh
Hamburg, Germany
Cloud Solutions
Frankfurt am Main, Germany
Vesterling Consulting GmbH
Nürnberg, Germany
