Keeping the terraform state in a Kubernetes Secret

2 min read

Storing the terraform state into a S3 bucket with dynamoDB for locking has become the de facto standard for being able to share the state across an organization. Nevertheless, there are interesting alternatives: We can use a Kubernetes Secret

19/04/2022

Managing (safely) Secrets as Code with sops and terraform

3 min read

If you are using Infrastructure as Code you've realized there is something it shouldn't be on a git repository: That's the secrets, we should never store clear-text secrets on a git repository, not even if it's a private repository: Anyone with access to that repository could get them.

How can we securely create secrets as code into the AWS Secrets Manager using terraform?

15/02/2022

Using AWS Secrets Manager secrets and Systems Manager parameters in Kubernetes with KES

4 min read

By using the Kubernetes External Secrets we can use external secret management systems, like AWS Secrets Manager or Vault, to securely add secrets in Kubernetes.

This is achieved by by using the ExternalSecret object which declares how to fetch the secret data, while the KES controller converts the ExternalSecrets to Secrets. The conversion is completely transparent to Pods that can access Secrets normally.

29/11/2021

Setting secret into a environment variable

2 min read

Although it's not a best practice to feed secrets into environment variables it's still something that it is possible to do. Let's take a glance on how to do it

05/03/2021

Access kubernetes secrets as volumes

2 min read

To be able to use a secret on a deployment (or generally speaking, any pod) we can choose to share it by using either volumes or environment variables. Let's take a look hwo it would look like using an volume mount

05/01/2021