Win a copy of Beginning Java 17 Fundamentals: Object-Oriented Programming in Java 17 this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

It is recommended to use the Kubernetes secrets or migrate to any platform?

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is recommended to use the Kubernetes secrets or migrate to a platform that specifically handles this as Vault
 
Saloon Keeper
Posts: 24867
174
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Miguel Leiva wrote:It is recommended to use the Kubernetes secrets or migrate to a platform that specifically handles this as Vault


¿¿I'm presuming that that was a question??
 
Miguel Leiva
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
haha, yes
 
Author
Posts: 76
7
Redhat Notepad Fedora Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sorry, what is the question?
 
Author
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Kubernetes Secrets aren't encrypted at rest by default but you can configure the cluster to encrypt them in etcd, which is probably good enough for most security levels.

If you already have Vault and you use it for other things then it integrates nicely with Kubernetes using a sidecar which injects the secrets into your application container.

It's really a question of process - Kube Secrets are a distinct resource so they can be explicitly permissioned and managed within the cluster, which means you don't have external dependencies and you can have the same approach in all environments.

Vault and the cloud secret services offer more functionality for a wider set of scenarios, so if your apps span more than just Kubernetes it might be better to integrate 3rd party secrets.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic