Encryption of secrets in yaml files

robbrown3 · January 11, 2022, 1:45pm

Asking for help? Comment out what you need so we can get more information to help you!

Cluster information:

Kubernetes version:"v1.22.1
Cloud being used: bare metal
Installation method:
Host OS: linux 8
CNI and version:
CRI and version:

I’m extremely new to kubernetes. We currently base64 encode secrets(login/password) in service-secret.yaml files. I’ve been asked to encrypt details in service-secret.yaml files.

To encrypt the details of the service-secret.yaml files, what should I do? Guidance is greatly appreciated.

Theog75 · January 15, 2022, 3:16pm

You can encrypt secret data at rest (Encrypting Secret Data at Rest | Kubernetes)

But mind you,once mounted to a pod it is clear text.

Saleem_M · August 9, 2024, 11:23am

Can you also please explain who does the decryption of these secrets and what keys are used for decryption in the POD

Topic		Replies	Views
How to secure Kubernetes secrets on bare metal? General Discussions security , on-prem	1	1290	February 24, 2023
How should I protect Helm secrets in values.yaml? General Discussions	0	1488	September 14, 2020
Encryption at rest/in transit General Discussions	1	806	February 4, 2020
Encrypt Customer Resource Definition with EncryptionConfig General Discussions	0	643	February 27, 2019
Issue with Secret Not Updating on All Pods After Time Shift (+10 Years) General Discussions	0	14	October 31, 2024

Encryption of secrets in yaml files

Cluster information:

Related topics