November 28, 2023

Kubernetes base64 secrets are fine, with Mac Chaffee

Listen Later

29 minutes

By default, Kubernetes Secrets are not encrypted; values are merely base64 encoded.

And this is fine — at least, this is what Mac argues in this episode of KubeFM.

Mac says it all comes down to thinking strategically about security and where the Secrets could be leaked.

In this episode, you will learn:

How to define a threat model to inform your security posture and mitigations.
How Kubernetes Secrets offer sufficient guarantees for most common threat models.
If you should use Hashicorp Vault or Kubernetes Secrets (and when not to use auto-unsealing).

Mac also covers tips and advice on becoming a security expert.

More info

Find all the links and info for this episode here: https://ku.bz/rFlp8Yj9s
Interested in sponsoring an episode? Learn more.

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

KubeFM

By KubeFM

5

22 ratings

November 28, 2023

Kubernetes base64 secrets are fine, with Mac Chaffee

Listen Later

29 minutes

By default, Kubernetes Secrets are not encrypted; values are merely base64 encoded.

And this is fine — at least, this is what Mac argues in this episode of KubeFM.

Mac says it all comes down to thinking strategically about security and where the Secrets could be leaked.

In this episode, you will learn:

How to define a threat model to inform your security posture and mitigations.
How Kubernetes Secrets offer sufficient guarantees for most common threat models.
If you should use Hashicorp Vault or Kubernetes Secrets (and when not to use auto-unsealing).

Mac also covers tips and advice on becoming a security expert.

More info

Find all the links and info for this episode here: https://ku.bz/rFlp8Yj9s
Interested in sponsoring an episode? Learn more.

...more

More shows like KubeFM

Software Engineering Radio - the podcast for professional software developers by team@se-radio.net (SE-Radio Team)

Software Engineering Radio - the podcast for professional software developers

274 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

288 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,009 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

631 Listeners

LINUX Unplugged by Jupiter Broadcasting

LINUX Unplugged

276 Listeners

The Reasoning Show by Massive Studios

The Reasoning Show

153 Listeners

Talk Python To Me by Michael Kennedy

Talk Python To Me

583 Listeners

Soft Skills Engineering by Jamison Dance and Dave Smith

Soft Skills Engineering

287 Listeners

Thoughtworks Technology Podcast by Thoughtworks

Thoughtworks Technology Podcast

44 Listeners

Late Night Linux by The Late Night Linux Family

Late Night Linux

167 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

179 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

206 Listeners

The Stack Overflow Podcast by The Stack Overflow Podcast

The Stack Overflow Podcast

62 Listeners

2.5 Admins by The Late Night Linux Family

2.5 Admins

98 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

68 Listeners