GitOps and Kubernetes – Secure Handling of Secrets

This page summarizes the projects mentioned and recommended in the original post on dev.to.

  1. sealed-secrets

    A Kubernetes controller and tool for one-way encrypted Secrets

    An option that easily works with GitOps is the Sealed Secrets operator from Bitnami. Secrets encrypted with it can only be decrypted by operators running inside the cluster, not even by the original author. For encryption, there is a CLI (and a third-party web UI) that requires a connection to the cluster. The disadvantage of this is that the key material is stored in the cluster, the secrets are bound to the cluster, and one has to take care of backups and operation.

  3. sealed-secrets-web

    A web interface for Sealed Secrets by Bitnami.

    An option that easily works with GitOps is the Sealed Secrets operator from Bitnami. Secrets encrypted with it can only be decrypted by operators running inside the cluster, not even by the original author. For encryption, there is a CLI (and a third-party web UI) that requires a connection to the cluster. The disadvantage of this is that the key material is stored in the cluster, the secrets are bound to the cluster, and one has to take care of backups and operation.

  4. external-secrets

    External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.

    External Secrets is an operator that integrates external KMS such as HashiCorp Vault or those of the major cloud providers. It reads secrets from the external APIs and injects them into Kubernetes Secrets. The operator is a new implementation after the merge of similar projects from GoDaddy and ContainerSolutions.

  5. vault-k8s

    First-class support for Vault and Kubernetes.

    HashiCorp Vault k8s is an operator that modifies pods via a mutating webhook, connecting Vault and the pod through sidecars (additional containers) that provide the secrets. This has the major advantage that no Secret objects are created in Kubernetes. The disadvantage is that this approach only works with Vault.

  6. argocd-vault-plugin

    An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets

    Argo CD supports SOPS with the Vault plugin.

  7. helm-secrets

    A Helm plugin that helps manage secrets with a Git workflow and store them anywhere

    There is also the helm-secrets plugin, which can also be used in Argo CD with manual configuration.

  8. sops-secrets-operator

    Kubernetes SOPS secrets operator

    There is also a third-party sops-secrets operator available.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
