Moritz Johner
External Secrets Operator: the secrets management toolbox for self-sufficient teams
#1 about 2 minutes
Understanding the fundamentals of secrets management
Secrets management deals with the complete lifecycle of credentials like API keys and passwords to prevent sensitive data exposure.
#2 about 4 minutes
A framework for classifying different types of secrets
Secrets can be categorized by their expiry, creation method, dependencies, and consumer type, which dictates how they should be managed.
#3 about 4 minutes
Centralizing secrets from development, CI/CD, and production
Using a central vault like HashiCorp Vault or AWS Secrets Manager provides control, auditing, and a consistent API for all environments.
#4 about 2 minutes
Overcoming common challenges in secrets management
Key challenges include secret sprawl, complex lifecycle management, poor tooling integration, and users not following security best practices.
#5 about 3 minutes
Introducing the External Secrets Operator for Kubernetes
External Secrets Operator (ESO) is a CNCF project that synchronizes secrets from an external provider into native Kubernetes secrets.
#6 about 4 minutes
Understanding the core concepts and CRDs of ESO
ESO uses SecretStore and ExternalSecret custom resources to define the connection to a provider and specify which secrets to fetch.
#7 about 5 minutes
Using advanced ESO features for complex use cases
ESO supports advanced features like zero-configuration authentication, templating for config files, and multi-tenant isolation across different cloud accounts.
#8 about 5 minutes
Q&A on pod restarts, SOPS, and caching benefits
The operator doesn't restart pods automatically, offers a smaller attack surface than SOPS in Git, and acts as a caching layer for high availability.