November 28, 2023

Kubernetes base64 secrets are fine, with Mac Chaffee

Listen Later

29 minutes

By default, Kubernetes Secrets are not encrypted; values are merely base64 encoded.

And this is fine — at least, this is what Mac argues in this episode of KubeFM.

Mac says it all comes down to thinking strategically about security and where the Secrets could be leaked.

In this episode, you will learn:

How to define a threat model to inform your security posture and mitigations.
How Kubernetes Secrets offer sufficient guarantees for most common threat models.
If you should use Hashicorp Vault or Kubernetes Secrets (and when not to use auto-unsealing).

Mac also covers tips and advice on becoming a security expert.

More info

Find all the links and info for this episode here: https://ku.bz/rFlp8Yj9s
Interested in sponsoring an episode? Learn more.

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

KubeFM

By KubeFM

5

22 ratings

November 28, 2023

Kubernetes base64 secrets are fine, with Mac Chaffee

Listen Later

29 minutes

By default, Kubernetes Secrets are not encrypted; values are merely base64 encoded.

And this is fine — at least, this is what Mac argues in this episode of KubeFM.

Mac says it all comes down to thinking strategically about security and where the Secrets could be leaked.

In this episode, you will learn:

How to define a threat model to inform your security posture and mitigations.
How Kubernetes Secrets offer sufficient guarantees for most common threat models.
If you should use Hashicorp Vault or Kubernetes Secrets (and when not to use auto-unsealing).

Mac also covers tips and advice on becoming a security expert.

More info

Find all the links and info for this episode here: https://ku.bz/rFlp8Yj9s
Interested in sponsoring an episode? Learn more.

...more

More shows like KubeFM

Security Now (Audio) by TWiT

Security Now (Audio)

1,975 Listeners

Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

Software Engineering Radio - the podcast for professional software developers

273 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

283 Listeners

The Cloudcast by Massive Studios

The Cloudcast

152 Listeners

LINUX Unplugged by Jupiter Broadcasting

LINUX Unplugged

265 Listeners

Thoughtworks Technology Podcast by Thoughtworks

Thoughtworks Technology Podcast

42 Listeners

Talk Python To Me by Michael Kennedy

Talk Python To Me

592 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

624 Listeners

Soft Skills Engineering by Jamison Dance and Dave Smith

Soft Skills Engineering

269 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

203 Listeners

Late Night Linux by The Late Night Linux Family

Late Night Linux

154 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

181 Listeners

The Stack Overflow Podcast by The Stack Overflow Podcast

The Stack Overflow Podcast

64 Listeners

2.5 Admins by The Late Night Linux Family

2.5 Admins

92 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

47 Listeners