Mar 27
Loading video player...
Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at https://kubecon.io GitOps and Secrets: State of the Union - Kostis Kapelonis, Octopus Deploy One of the most popular questions for people adopting GitOps is what to do with secrets. Argo CD version 3.x finally has a clear recommendation on how to handle secrets with Kubernetes. More specifically, the new proposal is to externalize secret management entirely instead of using plugins or other similar mechanisms to inject secrets during application deployment. In this talk we will reevaluate and compare all the popular secret solutions (sealed-secrets, sops, vault-plugin, external-secret-operator, csi-drivers, etc.) and explain where they differ and the pros/cons of each. We will also explain the common pitfalls of using secrets with Argo CD and discuss the best practices for good secret hygiene, such as secret rotation and storage.