Jhonnatan Gil, profile picture
Uploaded byJhonnatan Gil
PDF, PPTX89 views

Secrets acrosscloudk8s

The document discusses various secret management solutions in cloud environments, including AWS Systems Manager, Azure Key Vault, GCP Secret Manager, and HashiCorp Vault. It highlights Kubernetes secrets and the use of External Secrets Operator to integrate external secret management systems with Kubernetes, allowing for secure handling of sensitive data. The content also includes an overview of the architecture and a demo for implementing secrets in Kubernetes using External Secrets Operator.

Embed presentation

Download as PDF, PPTX
Secrets in Kubernetes Across Cloud “Life is really simple, but we insist on making it complicated..” Confucius @jthan24 Jhonny Pong (Jhonnatan Gil)
Contents aws-ssm azure-keyvault gcp-secret-manager hashicorp-vault Kubernetes Secrets external secrets demo
AWS - Systems Manager Parameter Store Parameter Store, a capability of AWS Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values. You can store values as plain text or encrypted data. You can reference Systems Manager parameters in your scripts, commands, SSM documents, and configuration and automation workflows by using the unique name that you specified when you created the parameter.
Azure - Key Vault Secrets Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Key Vault service supports two types of containers: vaults and managed hardware security module(HSM) pools. Vaults support storing software and HSM-backed keys, secrets, and certificates. Managed HSM pools only support HSM-backed keys.
GCP - Secret Manager Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.
Hashicorp - Vault Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. Secure Secret Storage: Arbitrary key/value secrets can be stored in Vault. Vault encrypts these secrets prior to writing them to persistent storage, so gaining access to the raw storage isn't enough to access your secrets. Vault can write to disk, Consul, and more.
Kubernetes
What is kubernetes Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.
Secrets A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confidential data in your application code.
External Secrets External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.
What, ¿operator? Operators are software extensions to Kubernetes that make use of custom resources to manage applications and their components. Operators follow Kubernetes principles, notably the control loop.
External Secrets - Architecture First, define secret in your cloud or on premise (Bare Metal) provider. Second, write your YAML config file to obtain secret. Third, use the secret in your Cluster.
Demo Time
First create a secret in vault. Second deploy external secrets with helm in Kubernetes cluster. Third using external secrets operator for configure vault. Fourth sync secret from vault to secret in kubernetes. Back to slide 7
Questions ¿?
Thank you!! Thank you for your time!! I hope you learn something new!! @jthan24

More Related Content

PPTX
Azure Key Vault with a PaaS Architecture and ARM Template Deployment
byRoy Kim
 
PPTX
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
byTom Kerkhove
 
PDF
Microsoft Azure Administrator-AZ 103 training in Bangalore
byNetworkers HOME
 
PPTX
Azure key vault - Brisbane User Group
byRahul Nath
 
PDF
Aws securing data_at_rest_with_encryption (1)
byCMR WORLD TECH
 
PPTX
Global Azure Bootcamp 2017 - Azure Key Vault
byAlberto Diaz Martin
 
PPTX
Assessing security of your Active Directory
byAldo Elam Majiah
 
PDF
Active Directory & LDAP | Security for Elasticsearch
byJochen Kressin
 
Azure Key Vault with a PaaS Architecture and ARM Template Deployment
byRoy Kim
 
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
byTom Kerkhove
 
Microsoft Azure Administrator-AZ 103 training in Bangalore
byNetworkers HOME
 
Azure key vault - Brisbane User Group
byRahul Nath
 
Aws securing data_at_rest_with_encryption (1)
byCMR WORLD TECH
 
Global Azure Bootcamp 2017 - Azure Key Vault
byAlberto Diaz Martin
 
Assessing security of your Active Directory
byAldo Elam Majiah
 
Active Directory & LDAP | Security for Elasticsearch
byJochen Kressin
 

What's hot

PDF
A guide on Aws Security Token Service
byBlazeclan Technologies Private Limited
 
PPTX
Data Encryption - Azure Storage Service
byUdaiappa Ramachandran
 
PPTX
IBM Secret Key management protoco
bygori4
 
PPT
SQL Server Encryption - Adi Cohn
bysqlserver.co.il
 
PPTX
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...
byMorgan Simonsen
 
PPTX
AWS Security
byVijayendra Bhati
 
PPTX
Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG
byRoy Kim
 
PDF
Azure Active Directory
bySovelto
 
PPTX
Azure Active Directory - An Introduction
byVenkatesh Narayanan
 
PPTX
Windows Azure Active Directory
byKrunal Trivedi
 
PPTX
Azure active directory
byRaju Kumar
 
PDF
Azure Meetup: Keep your secrets and configurations safe in azure!
bydotnetcode
 
PPTX
The Key to Strong Cloud Security
byAkeyless
 
PPTX
Kubernetes Secrets Management - Securing Your Production Environment
byAkeyless
 
PDF
ITPROCEED_TransformTheDatacenter_ten most common mistakes when deploying adfs...
byITProceed
 
PDF
Identity Security - Azure Active Directory
byEng Teong Cheah
 
PDF
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
byAkeyless
 
PPTX
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2
byVinu Gunasekaran
 
PDF
Designing Secure APIs in the Cloud
byPostman
 
PDF
Making App Developers More Productive
byPostman
 
A guide on Aws Security Token Service
byBlazeclan Technologies Private Limited
 
Data Encryption - Azure Storage Service
byUdaiappa Ramachandran
 
IBM Secret Key management protoco
bygori4
 
SQL Server Encryption - Adi Cohn
bysqlserver.co.il
 
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...
byMorgan Simonsen
 
AWS Security
byVijayendra Bhati
 
Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG
byRoy Kim
 
Azure Active Directory
bySovelto
 
Azure Active Directory - An Introduction
byVenkatesh Narayanan
 
Windows Azure Active Directory
byKrunal Trivedi
 
Azure active directory
byRaju Kumar
 
Azure Meetup: Keep your secrets and configurations safe in azure!
bydotnetcode
 
The Key to Strong Cloud Security
byAkeyless
 
Kubernetes Secrets Management - Securing Your Production Environment
byAkeyless
 
ITPROCEED_TransformTheDatacenter_ten most common mistakes when deploying adfs...
byITProceed
 
Identity Security - Azure Active Directory
byEng Teong Cheah
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
byAkeyless
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2
byVinu Gunasekaran
 
Designing Secure APIs in the Cloud
byPostman
 
Making App Developers More Productive
byPostman
 

Similar to Secrets acrosscloudk8s

PDF
Overview of secret management solutions and architecture
byYuechuan (Mike) Chen
 
PDF
Kubernetes Secrets Management on Production with Demo
byOpsta
 
PDF
Sharing secret keys in Docker containers and K8s
byJose Manuel Ortega Candel
 
PPTX
Secret Management Architectures
byStenio Ferreira
 
PDF
Knolx_ Sealed Secrets
byKnoldus Inc.
 
PDF
K8 Meetup_ K8s secrets management best practices (Git Guardian).pdf
byMichaelOLeary82
 
PDF
Kubernetes Secrets Management Meap V06 1 All 8 Chapters Alex Soto Bueno Andre...
bycawulineriku
 
PDF
Commit 2024 - Secret Management made easy
byAlfredo García Lavilla
 
PDF
Secrets Management and Delivery to Kubernetes Pods
bySatish Devarapalli
 
PDF
Secrets in Kubernetes
byJerry Jalava
 
PDF
Kubernetes Webinar - Using ConfigMaps & Secrets
byJanakiram MSV
 
PPTX
Managing Secrets in Production
byErik Osterman
 
PDF
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
byHashiCorp
 
PDF
Shifting security left simplifying security for k8s open shift environments
byLibbySchulze
 
PDF
Commit 2024 Secrets Management Made Easy
byAlfredo García Lavilla
 
PDF
Codemotion Madrid 2023 - Sealed Secrets_ protegiendo tus Secretos de Kubernet...
byAlfredo García Lavilla
 
PDF
Secrets in Kubernetes
byQvik
 
PDF
XP Days 2019: First secret delivery for modern cloud-native applications
byVlad Fedosov
 
PDF
London HUG 19/5 - Kubernetes and vault
byLondon HashiCorp User Group
 
PDF
Your (container) secret's safe with me
byLiz Rice
 
Overview of secret management solutions and architecture
byYuechuan (Mike) Chen
 
Kubernetes Secrets Management on Production with Demo
byOpsta
 
Sharing secret keys in Docker containers and K8s
byJose Manuel Ortega Candel
 
Secret Management Architectures
byStenio Ferreira
 
Knolx_ Sealed Secrets
byKnoldus Inc.
 
K8 Meetup_ K8s secrets management best practices (Git Guardian).pdf
byMichaelOLeary82
 
Kubernetes Secrets Management Meap V06 1 All 8 Chapters Alex Soto Bueno Andre...
bycawulineriku
 
Commit 2024 - Secret Management made easy
byAlfredo García Lavilla
 
Secrets Management and Delivery to Kubernetes Pods
bySatish Devarapalli
 
Secrets in Kubernetes
byJerry Jalava
 
Kubernetes Webinar - Using ConfigMaps & Secrets
byJanakiram MSV
 
Managing Secrets in Production
byErik Osterman
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
byHashiCorp
 
Shifting security left simplifying security for k8s open shift environments
byLibbySchulze
 
Commit 2024 Secrets Management Made Easy
byAlfredo García Lavilla
 
Codemotion Madrid 2023 - Sealed Secrets_ protegiendo tus Secretos de Kubernet...
byAlfredo García Lavilla
 
Secrets in Kubernetes
byQvik
 
XP Days 2019: First secret delivery for modern cloud-native applications
byVlad Fedosov
 
London HUG 19/5 - Kubernetes and vault
byLondon HashiCorp User Group
 
Your (container) secret's safe with me
byLiz Rice
 

Recently uploaded

PPTX
Network intrusion detection system .pptx
byvenomghost09082000
 
PPTX
Industrial Plant Safety – Comprehensive Guide for Workplace Safety & Risk Pre...
byMaintWiz Technologies Private Limited
 
PPTX
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
PPTX
Industrial Smart Ventilation system.pptx
byfsanjay42
 
PDF
Modeltomodel_Transformation_with_ATL (1).pdf
byISEMENSIAS
 
PPTX
The Complete Guide to Energy Audits_ Unlocking Savings, Sustainability, and P...
bygreentechnexus2024
 
PDF
AI-Driven CTI for Business: Emerging Threats, Attack Strategies, and Defensiv...
byAIRCC Publishing Corporation
 
PPTX
UNIT -3 -DIGITAL AND MOBILE FORENSICS FORENSIC READINESS-.pptx
byjemimaa3
 
PPTX
22PEOIT4C Session 4 Breath First Search & Depth First Search.pptx
bymailmegokilavani
 
PPTX
A7383 3D Printing UNIT-III : 3D printing techniques
byVishnuVardhan909561
 
PDF
TechSprint: Innovate for Impact Hackathon
byDeepakkumarSingh415123
 
DOCX
Project Management(BOE 070) notes Unite 4 AKTU
by26dsyogam
 
PPTX
Environmental and Ecology UNIT 4 - Global Warming-1.pptx
byMinakshiSultania
 
PDF
A Guide to Components and Operation of Refrigeration Plant - Part 1
byMahmoud Moghtaderi
 
PPTX
Plant Bio-additives (2).pptxA plant bioadditive is a functional substance der...
byMadan Bhandari university and St. Xavier's college , Maitighar
 
PPTX
Fiber reinforced concrete (FRC) is a composite material made from Portland ce...
bymanojaioe
 
PDF
Paralleling of Alternators - First Edition - 2022
byMahmoud Moghtaderi
 
PPTX
Transportation Engineering- Modes of Transport, Types of roads, Components of...
byvidyanand kadam
 
PDF
Troubleshooting of Marine Refrigeration System - Part 4
byMahmoud Moghtaderi
 
PPTX
Aix-Marseille Université Diploma
by美国加利福尼亚州立理工大学波莫纳分校学位证书补办【Q微号:1954 292 140】CPP毕业证购买
 
Network intrusion detection system .pptx
byvenomghost09082000
 
Industrial Plant Safety – Comprehensive Guide for Workplace Safety & Risk Pre...
byMaintWiz Technologies Private Limited
 
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
Industrial Smart Ventilation system.pptx
byfsanjay42
 
Modeltomodel_Transformation_with_ATL (1).pdf
byISEMENSIAS
 
The Complete Guide to Energy Audits_ Unlocking Savings, Sustainability, and P...
bygreentechnexus2024
 
AI-Driven CTI for Business: Emerging Threats, Attack Strategies, and Defensiv...
byAIRCC Publishing Corporation
 
UNIT -3 -DIGITAL AND MOBILE FORENSICS FORENSIC READINESS-.pptx
byjemimaa3
 
22PEOIT4C Session 4 Breath First Search & Depth First Search.pptx
bymailmegokilavani
 
A7383 3D Printing UNIT-III : 3D printing techniques
byVishnuVardhan909561
 
TechSprint: Innovate for Impact Hackathon
byDeepakkumarSingh415123
 
Project Management(BOE 070) notes Unite 4 AKTU
by26dsyogam
 
Environmental and Ecology UNIT 4 - Global Warming-1.pptx
byMinakshiSultania
 
A Guide to Components and Operation of Refrigeration Plant - Part 1
byMahmoud Moghtaderi
 
Plant Bio-additives (2).pptxA plant bioadditive is a functional substance der...
byMadan Bhandari university and St. Xavier's college , Maitighar
 
Fiber reinforced concrete (FRC) is a composite material made from Portland ce...
bymanojaioe
 
Paralleling of Alternators - First Edition - 2022
byMahmoud Moghtaderi
 
Transportation Engineering- Modes of Transport, Types of roads, Components of...
byvidyanand kadam
 
Troubleshooting of Marine Refrigeration System - Part 4
byMahmoud Moghtaderi
 
Aix-Marseille Université Diploma
by美国加利福尼亚州立理工大学波莫纳分校学位证书补办【Q微号:1954 292 140】CPP毕业证购买
 

Secrets acrosscloudk8s

  • 1.
    Secrets in KubernetesAcross Cloud “Life is really simple, but we insist on making it complicated..” Confucius @jthan24 Jhonny Pong (Jhonnatan Gil)
  • 3.
  • 4.
    AWS - Systems ManagerParameter Store Parameter Store, a capability of AWS Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values. You can store values as plain text or encrypted data. You can reference Systems Manager parameters in your scripts, commands, SSM documents, and configuration and automation workflows by using the unique name that you specified when you created the parameter.
  • 5.
    Azure - KeyVault Secrets Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Key Vault service supports two types of containers: vaults and managed hardware security module(HSM) pools. Vaults support storing software and HSM-backed keys, secrets, and certificates. Managed HSM pools only support HSM-backed keys.
  • 6.
    GCP - Secret Manager SecretManager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.
  • 7.
    Hashicorp - Vault Vaultis a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. Secure Secret Storage: Arbitrary key/value secrets can be stored in Vault. Vault encrypts these secrets prior to writing them to persistent storage, so gaining access to the raw storage isn't enough to access your secrets. Vault can write to disk, Consul, and more.
  • 8.
  • 9.
    What is kubernetes Kubernetesis a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.
  • 10.
    Secrets A Secret isan object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confidential data in your application code.
  • 11.
    External Secrets External SecretsOperator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.
  • 12.
    What, ¿operator? Operators aresoftware extensions to Kubernetes that make use of custom resources to manage applications and their components. Operators follow Kubernetes principles, notably the control loop.
  • 13.
    External Secrets -Architecture First, define secret in your cloud or on premise (Bare Metal) provider. Second, write your YAML config file to obtain secret. Third, use the secret in your Cluster.
  • 14.
  • 15.
    First create asecret in vault. Second deploy external secrets with helm in Kubernetes cluster. Third using external secrets operator for configure vault. Fourth sync secret from vault to secret in kubernetes. Back to slide 7
  • 16.
  • 17.
    Thank you!! Thank youfor your time!! I hope you learn something new!! @jthan24