Secure your Kubernetes secrets easily with Trousseau

This page summarizes the projects mentioned and recommended in the original post on

  • Vault

    A tool for secrets management, encryption as a service, and privileged access management

    If the built-in solution is not enough for you, you have to choose an external Key Management Service (KMS) like HashiCorp Vault and somehow inject secret resolution into your workload. There are several options: you can use a mutating webhook to create environment variables during pod creation, for example, or use an extra sidecar to resolve secrets inside the container as volumes. The main advantage of this approach is that you have full control over where and how encrypted secrets are converted into readable values, but every coin has another side. These solutions are complex and, most importantly, they are not transparent. Because Kubernetes secrets are just references to the real ones, you must configure everything on every single target cluster, or write tons of if-else in your favorite manifest generation tool.
