Kubernetes secret encryption - and two mistakes to avoid

preview_player
Показать описание
Liz has previously shown how Kubernetes stores secrets in plain text in the etcd database by default. In this video, she walks through how to get your secrets encrypted - and two traps that you can fall into when you try it!
  1. Aqua Security Open Source
  2. kubernetes
  3. secrets
  4. etcd
  5. encryption
Рекомендации по теме
Kubernetes secret encryption 0:12:40

Kubernetes secret encryption - and two mistakes to avoid

Kubernetes Secret Management 0:06:46

Kubernetes Secret Management Explained

Sealed Secrets: Safeguarding 0:13:27

Sealed Secrets: Safeguarding Your Kubernetes Secrets | Step By Step Tutorial | KodeKloud

Kubernetes - Encrypting 0:27:19

Kubernetes - Encrypting Secrets in etcd. Kubernetes Security - Network Nuts

Encrypt Kubernetes Secrets 0:01:00

Encrypt Kubernetes Secrets Using Keys

Encrypting Secrets in 0:34:56

Encrypting Secrets in Kubernetes Clusters using KMS

Kubernetes Secrets in 0:05:33

Kubernetes Secrets in 5 Minutes!

Kubernetes Security Best 0:29:41

Kubernetes Security Best Practices you need to know | THE Guide for securing your K8s cluster!

Kubernetes Secret Data 0:32:44

Kubernetes Secret Data Encryption at Rest - v1.25 - KMS v2 alpha1 AWS KMS

Encrypt Your Sensitive 0:25:23

Encrypt Your Sensitive Information Before Storing It - Encrypting with Mozilla SOPS and AGE

'A better story 0:37:14

'A better story for Kubernetes secrets' by Seth Vargo

Securing Kubernetes Secrets 0:42:27

Securing Kubernetes Secrets (Cloud Next '19)

Understand secrets management 0:05:06

Understand secrets management in Kubernetes

How to view 0:00:56

How to view a Kubernetes secret

Keeping Kubernetes secrets 2:44:49

Keeping Kubernetes secrets secret by Alex Soto

Turtles All the 0:35:10

Turtles All the Way Down: Managing Kubernetes Secrets - Maya Kaczorowski & Alexandr Tcherniakhov...

Base64 is not 0:25:11

Base64 is not encryption A better story for Kubernetes Secrets

OSS Unboxing - 0:06:21

OSS Unboxing - Kubernetes cloudprovider secret encryption at rest

Webinars: Encrypting data 0:39:43

Webinars: Encrypting data in Kubernetes deployments. Protect your data, not just your Secrets

Using Kubernetes Secrets 0:39:19

Using Kubernetes Secrets in GitOps Workflows Securely - Seth Vargo & Alex Tcherniakhovski, Googl...

Storing Secrets in 0:27:17

Storing Secrets in GIT | GitOps | Kubernetes

Kubernetes Secrets: How 0:17:26

Kubernetes Secrets: How to Create, Use, and Manage Secrets in Kubernetes

Shocking Truth About 0:00:29

Shocking Truth About Kubernetes Secrets What You Didnt Know with Michael Levan

Hardware-based KMS Plug-in 0:38:10

Hardware-based KMS Plug-in to Protect Secrets in Kubernetes - Raghu Yeluri & Haidong Xia, Intel

Комментарии
Автор

The initial key indeed included a newline ("\n"), which "echo" adds by default. Use "-n" with echo to skip the trailing newline.

dratir
Автор

If an attacker gains access to the host; instead of searching for the etcd database, he/she can look for the EncryptionConfiguration yaml available on the disk, which contains base64 encoded secret. How do we deal with this situation? Can we remove this file from the disk after creating the secret?

nopsled
welcome to shbcf.ru