At Soluto, we've been using the Kubernetes platform in production for more than a year. One of the challenges we faced is secrets management, which is not a simple task at all (have you experienced similar issues?). The Kubernetes Secret object has its own limitations (especially, how to store the manifest files). We also tried various solutions (like Sealed Secrets and Helm Secrets, to name a few), but none of them was a good fit for us. We wanted a solution that is:
- GitOps (so it can support our decentralized ops culture)
- Zero trust (once a secret is encrypted, there is no need and no way to decrypt it)
This is why we built Kamus - our secret encryption solution. Kamus lets you seamlessly encrypt secrets that can be decrypted only by the app running in production.
I'll be more than happy to answer any question you might have regarding Kamus, and of course - look forward to hearing your feedback!
Top comments (2)
Hmm.. :) interesting!
Let me take a peek at it and let you know how it goes. By the way, we are kind of riding the same boat; however, Sealed Secrets is the least amount of effort atm.
Have you tried anything like Vault etc?
Sealed Secrets solved the problem in a different way. It lets you create encrypted Kubernetes secrets, which has a few downsides:
config.secrets.json. The value is the base64-encoded value of the JSON, and modifying it is a cumbersome process. Kamus supports a native JSON file, where you can encrypt only the values.
One last comment regarding Vault. Vault has 2 options: