3

Encrypting Secrets the Kubernetes-Native Way

In the previous two chapters, we reviewed the foundations of the architecture, implementation, and usage of Secret objects within Kubernetes. We also established that Secret objects are not safe as-is on Kubernetes platforms because they are unencrypted, both as key-value pairs and in the etcd data file, which results in major security exposures for your business.

In this chapter, we will get closer to both Kubernetes and etcd, understanding their associated security weaknesses and how we can mitigate or reduce them. While these responses could be considered tightly coupled with the container platform deployment, thanks to the open ...
