Davide Imola

Securing secrets in the GitOps Era

Your Kubernetes secrets are just Base64 encoded, not encrypted. Learn two powerful patterns to secure your GitOps workflow.

#1 about 8 minutes

Understanding the fundamentals and benefits of GitOps

GitOps uses a Git repository as the single source of truth for declaratively managing infrastructure and application deployments.

#2 about 5 minutes

The security risk of storing secrets in Git

Storing Kubernetes secrets directly in a Git repository is insecure because the values are only Base64 encoded, not truly encrypted.

#3 about 15 minutes

Encrypting secrets in Git with Sealed Secrets

Sealed Secrets is a Kubernetes operator that uses public-key cryptography to safely encrypt secrets before they are stored in a Git repository.

#4 about 3 minutes

Evaluating the pros and cons of Sealed Secrets

While Sealed Secrets are easy to configure and integrate with GitOps, they can be cumbersome for frequent value changes and history retrieval.

#5 about 7 minutes

Managing secrets with external secret managers

External secret managers like HashiCorp Vault or cloud provider solutions offer centralized control, web UIs, and easier secret rotation.

#6 about 2 minutes

Integrating external secret managers into Kubernetes

Applications can access secrets from external managers by using provider-specific SDKs or by using a Secret Store CSI driver to sync them as native Kubernetes secrets.

#7 about 18 minutes

Q&A on GitOps secret management practices

The speaker answers audience questions on topics including key management strategies, multi-tenancy, secure transmission, and CI/CD pipeline integration.
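
The point of chapter #2, as an added example (not code from the talk): a repository check that finds plain `kind: Secret` documents in manifest text and decodes their `data` values without any key, while skipping `SealedSecret` documents. The manifest, names and values are constructed, and the line-based parsing assumes simply indented, block-style YAML.

```python
import base64
import re

# Constructed sample: two documents as they might sit in a GitOps repository.
SAMPLE = """\
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
data:
  username: YWRtaW4=
  password: czNjcjN0LXZhbHVl
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: db-credentials
spec:
  encryptedData:
    password: AgB4-constructed-placeholder-ciphertext
"""

def find_plain_secrets(manifest_text):
    """Return (secret name, key, decoded bytes) for each data entry of a plain Secret."""
    findings = []
    for doc in re.split(r"(?m)^---[ \t]*$", manifest_text):
        # Only native Secret objects; SealedSecret and other kinds are skipped.
        if not re.search(r"(?m)^kind:[ \t]*Secret[ \t]*$", doc):
            continue
        name = re.search(r"(?m)^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:[ \t]*(\S+)", doc)
        block = re.search(r"(?m)^data:[ \t]*\n((?:[ \t]+\S.*\n?)+)", doc)
        if not block:
            continue
        for line in block.group(1).splitlines():
            key, _, value = line.strip().partition(":")
            try:
                # Base64 is an encoding: no key is needed to reverse it.
                decoded = base64.b64decode(value.strip().strip("\"'"), validate=True)
            except ValueError:
                continue  # not valid Base64, so not a well-formed data entry
            findings.append((name.group(1) if name else "<unnamed>", key, decoded))
    return findings

if __name__ == "__main__":
    for secret, key, decoded in find_plain_secrets(SAMPLE):
        # Report the key and length only, so the check itself does not leak values.
        print(f"plain Secret {secret!r}: key {key!r} decodes to {len(decoded)} bytes")
```

Run as a pre-commit or CI step, a non-empty result is a reason to reject the change and rotate the exposed values.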
