Cloud Native Rejekts EU (Valencia) 2022

Secret Management: The Soft Way
2022-05-14, 10:55–11:25, Gallery

Secrets. Security best practices mandate that they stay away from the code—or else! And that’s what we did for a long time.

But as CI/CD practices evolved, for a myriad of reasons, we now want to ship the code, the environment, and the secrets, all in one lump. So we can’t hide the secrets anymore… unless?

Tools like HashiCorp Vault attempt to address this by managing secrets outside the delivery chain. Great! But you can’t use those inside local dev environments, so… When that’s exactly what you need to do, then what?

In this talk, Lian will show the audience how to manage secrets the GitOps way, so you can maintain security best practices while also being able to use them in your local environment for development. Sound like magic? That’s because it is!

After this talk, the audience will be able to understand secret management solutions that work seamlessly in a variety of environments.


People who are getting started with Kubernetes have to learn a bunch of new stuff including Docker, K8s, and whatever they need to do their jobs.

Security is a whole separate, very wide field, and we cannot expect people to be knowledgeable about everything.

If we can provide security best practices for K8s that are straightforward and quick to implement, we can improve the cloud native ecosystem for everyone.

I will discuss a basic solution that is quick to pick up and a more complex one that can scale, so the audience can take away the basic concepts no matter their use case.