November 13–15, 2018 - Shanghai, China
Click Here For Information & Registration

To view the Chinese version of this schedule please go here.

Simultaneous translation will be provided for all keynote and breakout sessions.
Back To Schedule
Wednesday, November 14 • 14:40 - 15:15
Turtles All the Way Down: Securely Managing Kubernetes Secrets With Secrets - Maya Kaczorowski & Alexandr Tcherniakhovski, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Secrets are the cornerstones of Kubernetes' security model; they are used both by Kubernetes itself (e.g., service accounts) and by users (e.g., API keys). In this talk, we will discuss users’ options for protecting secrets in Kubernetes.

We’ll start with an overview of how secrets are protected and mounted by default in Kubernetes. Then, we’ll cover improvements that have been made in recent releases, including secrets encryption (1.7), and KMS plugins (1.10 Alpha), and how these work with external providers like cloud KMS plugins and HashiCorp Vault. We’ll discuss the tradeoffs of these options based on your requirements. Lastly, we’ll demo how to use a KMS plugin with Kubernetes, and discuss planned improvements to the secrets system in Kubernetes.

You’ll leave with an understanding of your secret management options, and an idea of which one is best for your particular needs.

avatar for Maya Kaczorowski

Maya Kaczorowski

Product Manager, Software Supply Chain Security, GitHub
Maya is a Product Manager for Software Supply Chain Security at GitHub. She was previously at Google, focused on container security, and encryption at rest and encryption key management. Prior to Google, she was at McKinsey & Company, and before that, completed her Master\'s in mathematics... Read More →
avatar for Alexandr Tcherniakhovski

Alexandr Tcherniakhovski

Engineer, Google
Alex is a Security Engineer at Google, working on Kubernetes Engine Security team. Alex focuses on the encryption at rest features of Kubernetes. Alex also an owner of encryption of rest feature in Kubernetes. Before Google, Alex worked at Microsoft in various security roles. Outside... Read More →

Wednesday November 14, 2018 14:40 - 15:15
305 B