2 min read
Storing the Terraform state in an S3 bucket with DynamoDB for locking has become the de facto standard for sharing the state across an organization. Nevertheless, there are interesting alternatives: we can use a Kubernetes Secret.
19/04/2022
3 min read
If you are using Infrastructure as Code, you've realized there is something that shouldn't be in a git repository: secrets. We should never store clear-text secrets in a git repository, not even a private one: anyone with access to that repository could get them.
How can we securely create secrets as code in AWS Secrets Manager using Terraform?
15/02/2022
4 min read
By using Kubernetes External Secrets we can use external secret management systems, like AWS Secrets Manager or Vault, to securely add secrets in Kubernetes.
This is achieved by using the ExternalSecret object, which declares how to fetch the secret data, while the KES controller converts the ExternalSecrets to Secrets. The conversion is completely transparent to Pods, which can access Secrets normally.
29/11/2021
2 min read
Although feeding secrets into environment variables is not a best practice, it is still possible to do. Let's take a look at how to do it.
05/03/2021
2 min read
To be able to use a secret in a deployment (or, generally speaking, any pod) we can choose to share it by using either volumes or environment variables. Let's take a look at how it would look using a volume mount.
05/01/2021