In this article, we will look into common ways to secure secrets in a Kubernetes application and how to manage them in a GitOps workflow based on ArgoCD with the help of Sops.

The problem is the following: your application depends on some secrets that you need to store securely and make available to your running application.

You can address this requirement in two ways:

  • You put these secrets in a remote secret manager, for instance Vault or AWS Secrets Manager, and you use the provided API or a convenient tool such as External Secrets
  • You keep these secrets as vanilla Kubernetes Secret objects and commit them to your Git repository alongside your code, taking care to encrypt them first, for example with sops

This second solution has a clear advantage: you provide your own GPG key and you don’t need to rely on a cloud provider or any external tool. If your goal is a multi-cloud strategy, it’s the way to go.
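As an added example for the second approach (not code from the original article), here is a `.sops.yaml` creation rule placed at the root of the repository. It assumes the Secret manifests live under a `secrets/` directory and uses a placeholder GPG fingerprint. The `encrypted_regex` setting restricts encryption to the `data` and `stringData` fields, so `apiVersion`, `kind` and `metadata` stay readable: the manifest can still be identified and diffed in Git and in ArgoCD while the values themselves remain encrypted.

```yaml
# .sops.yaml (added example; not from the original article)
# sops reads this file from the repository root automatically.
creation_rules:
  # Only manifests under secrets/ are covered by this rule (assumed layout).
  - path_regex: ^secrets/.*\.yaml$
    # Placeholder fingerprint: replace with the fingerprint of your own GPG key.
    pgp: "0000000000000000000000000000000000000000"
    # Encrypt only the secret payload; keep apiVersion/kind/metadata in clear
    # so the object type and name are still visible to reviewers and tooling.
    encrypted_regex: ^(data|stringData)$
```

With this file in place, `sops --encrypt --in-place secrets/db-credentials.yaml` rewrites the manifest with encrypted values and an added `sops:` metadata block, and only that encrypted form is committed. A cheap pre-commit check is `grep -L 'sops:' secrets/*.yaml`, which lists any manifest in the directory that still lacks the sops metadata and therefore contains plaintext.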

If you are using ArgoCD to deploy your Kubernetes objects, you may wonder how to integrate Sops with ArgoCD. Let’s see what the ArgoCD documentation has to say.

ArgoCD Stance on Secrets Management

ArgoCD documentation makes it quite clear:

Argo CD is un-opinionated about how secrets are managed. There’s many ways to do it and there’s no one-size-fits-all solution.

Basically, you are left to your own devices to make sops work with ArgoCD. In this article, we will look at how to implement secret handling in an elegant, non-breaking way.

How to Handle Kubernetes Secrets with ArgoCD and Sops