By default, Kubernetes Secrets are not encrypted; values are merely base64 encoded.

And this is fine — at least, this is what Mac argues in this episode of KubeFM.

Mac says it all comes down to thinking strategically about security and where the Secrets could be leaked.

In this episode, you will learn:

• How to define a threat model to inform your security posture and mitigations.

• How Kubernetes Secrets offer sufficient guarantees for most common threat models.

• If you should use Hashicorp Vault or Kubernetes Secrets (and when not to use auto-unsealing).

Mac also covers tips and advice on becoming a security expert.

More info

• Find all the links and info for this episode here: https://ku.bz/rFlp8Yj9s

• Interested in sponsoring an episode? Learn more.