Möchten Sie mit Ihrem Team teilnehmen? Ab drei Personen profitieren Sie von unseren Gruppenrabatten! Direkt im Shop buchen!

Protecting the Crown Jewels: How to manage and secure your Kubernetes secrets

Kubernetes secrets are a necessity to the majority of Kubernetes users. Most applications require secrets. A Kubernetes secret stores sensitive data, such as passwords, OAuth tokens, and SSH keys. Securing these assets and ensuring their integrity is vital.

  • How do admins safely and reliably manage these secrets?
  • Which options are currently available in and outside of Kubernetes?
  • How do you avoid storing the same secret multiple times across different environments?
Join our talk to learn which methods are available to safely secure your Kubernetes secrets in a production environment. Simon will demonstrate various ways of storing and accessing secrets in and outside of a Kubernetes cluster. He will show how to utilise HashiCorp Vault to store your secrets. And he will also explain how to sync external secrets to multiple clusters with the Kubernetes Secrets store CSI driver.


The attendees should have a basic understanding of Kubernetes. They should be familiar with deployment technics and GitOps workflows. A basic understanding of KMS would be helpful but not necessary.


The attendees will learn best practices to store and secure their Kubernetes secrets. I will provide an opinionated view on how to store secrets in a secure environment. And distribute them to one or multiple clusters. I will also provide a few suggestions including software to use to get the job done.



Simon Pearce
Simon Pearce is a Kubernetes Cloud consultant at SysEleven working on improving the customer journey. He supported building MetaKube, SysEleven's managed Kubernetes platform. Which currently hosts over 300 Kubernetes clusters. He resides in Berlin with his partner and their daughter, Stella. Hobbies and interests include Cyclocross, Gravel cycling, gaming, Linux and home automation.




Sie möchten über die Continuous Lifecycle und die ContainerConf auf dem Laufenden gehalten werden?