November 13–15, 2018 - Shanghai, China
Click Here For Information & Registration

To view the Chinese version of this schedule please go here.

Simultaneous translation will be provided for all keynote and breakout sessions.
Wednesday, November 14 • 14:40 - 15:15
Turtles All the Way Down: Securely Managing Kubernetes Secrets With Secrets - Maya Kaczorowski & Alexandr Tcherniakhovski, Google

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Secrets are the cornerstones of Kubernetes' security model; they are used both by Kubernetes itself (e.g., service accounts) and by users (e.g., API keys). In this talk, we will discuss users’ options for protecting secrets in Kubernetes.

We’ll start with an overview of how secrets are protected and mounted by default in Kubernetes. Then, we’ll cover improvements that have been made in recent releases, including secrets encryption (1.7), and KMS plugins (1.10 Alpha), and how these work with external providers like cloud KMS plugins and HashiCorp Vault. We’ll discuss the tradeoffs of these options based on your requirements. Lastly, we’ll demo how to use a KMS plugin with Kubernetes, and discuss planned improvements to the secrets system in Kubernetes.

You’ll leave with an understanding of your secret management options, and an idea of which one is best for your particular needs.

avatar for Maya Kaczorowski

Maya Kaczorowski

Product Manager, Google
Maya is a Product Manager in Security & Privacy at Google, focused on container security. She previously worked on encryption at rest and encryption key management. Prior to Google, she was at McKinsey & Company, and before that, completed her Master's in mathematics focusing on cryptography... Read More →
avatar for Alexandr Tcherniakhovski

Alexandr Tcherniakhovski

Security Engineer, Google
Alex Tcherniakhovski Alex is a Security Engineer at Google, working on Kubernetes Engine Security team. Alex focuses on the encryption at rest features of Kubernetes. Alex also an owner of encryption of rest feature in Kubernetes. Before Google, Alex worked at Microsoft in various... Read More →

Wednesday November 14, 2018 14:40 - 15:15
305 B