Davide Imola
Securing secrets in the GitOps Era
#1 about 8 minutes
Understanding the fundamentals and benefits of GitOps
GitOps uses a Git repository as the single source of truth for declaratively managing infrastructure and application deployments.
#2 about 5 minutes
The security risk of storing secrets in Git
Storing Kubernetes secrets directly in a Git repository is insecure because the values are only Base64 encoded, not truly encrypted.
#3 about 15 minutes
Encrypting secrets in Git with Sealed Secrets
Sealed Secrets is a Kubernetes operator that uses public-key cryptography to safely encrypt secrets before they are stored in a Git repository.
#4 about 3 minutes
Evaluating the pros and cons of Sealed Secrets
While Sealed Secrets are easy to configure and integrate with GitOps, they can be cumbersome for frequent value changes and history retrieval.
#5 about 7 minutes
Managing secrets with external secret managers
External secret managers like HashiCorp Vault or cloud provider solutions offer centralized control, web UIs, and easier secret rotation.
#6 about 2 minutes
Integrating external secret managers into Kubernetes
Applications can access secrets from external managers by using provider-specific SDKs or by using a Secret Store CSI driver to sync them as native Kubernetes secrets.
#7 about 18 minutes
Q&A on GitOps secret management practices
The speaker answers audience questions on topics including key management strategies, multi-tenancy, secure transmission, and CI/CD pipeline integration.