Safely manage your secret information like passwords, keys, and certificates in Kubernetes. This practical guide is full of best practices and methods for adding layers of security that will defend the critical data of your applications.

In Kubernetes Secrets Management you will find:

    Strategies for storing secure assets in Kubernetes

    Cryptographic options and how to apply them in Kubernetes

    Using the HashiCorp Vault server on Kubernetes for secure secrets storage

    Managing security with public cloud providers

    Applying security concepts using tools from the Kubernetes ecosystem

    End-to-end secrets storage from development to operations

    Implementing in Kubernetes in CI/CD systems

Secrets, like database passwords and API keys, are some of the most important data in your application. Kubernetes Secrets Management reveals how to store these sensitive assets in Kubernetes in a way that’s protected against leaks and hacks. You’ll learn the default capabilities of Kubernetes secrets, where they’re lacking, and alternative options to strengthen applications and infrastructure. Discover a security-first mindset that is vital for storing and using secrets correctly, and tools and concepts that will help you manage sensitive assets such as certificates, keys, and key rotation.

About the technology

Kubernetes relies on passwords, tokens, keys, certificates, and other sensitive information to keep your system secure. But how do you keep these secrets safe? In this concise, practical book you’ll learn secrets management techniques that go far beyond the Kubernetes defaults.

About the book

Kubernetes Secrets Management reveals security best practices and reliable third-party tools for protecting sensitive data in Kubernetes-based systems. In this focused guide, you’ll explore relevant, real-world examples like protecting secrets in a code repository, securing keys with HashiCorp Vault, and adding layers to maintain protection after a breach. Along the way, you’ll pick up secrets management techniques you can use outside Kubernetes, as well.

What’s inside

    Cryptographic options you can apply in Kubernetes

    Managing security with public cloud providers

    Secrets storage, from development to production

    End-to-end Kubernetes secrets management in CI/CD systems

About the reader

For readers experienced with Kubernetes and CI/CD practices.

About the author

Alex Soto is a director of developer experience at Red Hat, a Java Champion since 2007, an international speaker, and a teacher at Salle URL University. Andrew Block is a distinguished architect with Red Hat, and an active member of the open-source community.

Table of Contents

PART 1 SECRETS AND KUBERNETES

1 Kubernetes Secrets

2 An introduction to Kubernetes and Secrets

PART 2 MANAGING SECRETS

3 Securely storing Secrets

4 Encrypting data at rest

5 HashiCorp Vault and Kubernetes

6 Accessing cloud secrets stores

PART 3 CONTINUOUS INTEGRATION AND CONTINUOUS DELIVERY

7 Kubernetes-native continuous integration and Secrets

8 Kubernetes-native continuous delivery and Secrets