Friendly neighbourhood dad, scours substack for longform epiphanies and obsessively unrolls twitter threads for inspirations
Your microservice calls other services: a database, API endpoints, or SaaS/PaaS services, and it holds credentials to do so. Environment variables and Kubernetes Secrets are not really secret (an environment variable is plaintext to anything that can read the process, and a Kubernetes Secret is only base64-encoded unless encryption at rest is configured) and suffer from a variety of drawbacks.
There are a variety of solutions for this:
Third-party solutions like Vault, Mozilla SOPS, and Bitnami's Kubernetes Sealed Secrets, which need far too much configuration to get started for the simple use case of creating secrets, storing them encrypted, and allowing only authenticated and authorized principals to retrieve them.
Cloud KMS/HSM solutions, which require integrating SDKs into your code; this is not very convenient, since secrets are usually an afterthought, handled after the build is finished and just before deployment.
Enter Berglas, a painless way to manage secrets. Under the hood, Berglas uses Cloud KMS + GCS or Secret Manager, abstracting away the complexity of wiring these things up yourself.

Install the Berglas CLI on Cloud Shell
Use the CLI to bootstrap secrets storage in a bucket or in Secret Manager
A KMS keyring and symmetric key are created to encrypt the secrets
Deploy the Cloud Function that acts as the webhook mutation endpoint
Deploy the MutatingWebhookConfiguration referencing that endpoint
Create a Berglas secret and grant access to a Cloud service account
Create a Kubernetes service account and annotate it to map to the Cloud service account
Change the PodSpec to reference the Berglas secret
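The steps above as one script, added here as an example; it is not code from the original post or from the Berglas project. It assumes berglas, gcloud and kubectl are installed and authenticated, and that the repo's examples/kubernetes directory (with its deploy/webhook.yaml) is checked out; every project, bucket, account, image and file name is a placeholder, and the Cloud Functions Go runtime is an assumption. With DRY_RUN=1 (the default) the script only prints the commands it would run, so the sequence can be reviewed before anything is created.

```shell
#!/bin/sh
# Added example: Berglas on GKE, bucket + KMS backend, end to end.
# All names below are placeholders; override them via the environment.
set -eu

PROJECT_ID="${PROJECT_ID:-my-gcp-project}"            # placeholder
BUCKET_ID="${BUCKET_ID:-my-berglas-bucket}"           # placeholder, must be globally unique
SECRET_NAME="${SECRET_NAME:-api-key}"
SECRET_FILE="${SECRET_FILE:-./api-key.txt}"           # placeholder file holding the value
NAMESPACE="${NAMESPACE:-default}"
KSA="${KSA:-app-sa}"                                  # Kubernetes service account
GSA="${GSA:-app-sa@${PROJECT_ID}.iam.gserviceaccount.com}"  # Google service account
# Keyring and key names are the defaults `berglas bootstrap` creates.
KMS_KEY="projects/${PROJECT_ID}/locations/global/keyRings/berglas/cryptoKeys/berglas-key"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Bootstrap: creates the GCS bucket plus the KMS keyring and symmetric key that
# Berglas uses to envelope-encrypt each secret object.
bootstrap() {
  run berglas bootstrap --project "$PROJECT_ID" --bucket "$BUCKET_ID"
}

# Webhook: the mutating admission webhook runs as an HTTP Cloud Function built
# from the Berglas repo's examples/kubernetes directory (assumed path/runtime).
# Its HTTPS trigger URL must be filled into deploy/webhook.yaml before applying.
deploy_webhook() {
  run gcloud functions deploy berglas-secrets-webhook --project "$PROJECT_ID" \
    --runtime go116 --entry-point F --trigger-http --source examples/kubernetes
  run kubectl apply -f examples/kubernetes/deploy/webhook.yaml
}

# Secret: the value is read from a file (@path) so it never appears in shell
# history or in `ps` output; grant gives the GSA read + decrypt on that secret.
create_secret() {
  run berglas create "${BUCKET_ID}/${SECRET_NAME}" "@${SECRET_FILE}" --key "$KMS_KEY"
  run berglas grant "${BUCKET_ID}/${SECRET_NAME}" --member "serviceAccount:${GSA}"
}

# Identity: Workload Identity binds the Kubernetes SA to the Google SA, so the
# pod can call KMS/GCS without any key file being mounted or copied.
bind_identity() {
  run kubectl create serviceaccount "$KSA" --namespace "$NAMESPACE"
  run gcloud iam service-accounts add-iam-policy-binding "$GSA" \
    --project "$PROJECT_ID" --role roles/iam.workloadIdentityUser \
    --member "serviceAccount:${PROJECT_ID}.svc.id.goog[${NAMESPACE}/${KSA}]"
  run kubectl annotate serviceaccount "$KSA" --namespace "$NAMESPACE" \
    "iam.gke.io/gcp-service-account=${GSA}"
}

# PodSpec: the env value is a berglas:// reference, which the webhook resolves
# at admission time; the manifest itself contains no secret material.
pod_manifest() {
  cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: ${NAMESPACE}
spec:
  serviceAccountName: ${KSA}
  containers:
  - name: app
    image: gcr.io/${PROJECT_ID}/app:latest   # placeholder image
    env:
    - name: API_KEY
      value: berglas://${BUCKET_ID}/${SECRET_NAME}
EOF
}

apply_pod() {
  pod_manifest | run kubectl apply -f -
}

# Check: confirm the secret decrypts for the caller's own credentials.
verify_access() {
  run berglas access "${BUCKET_ID}/${SECRET_NAME}"
}

case "${1:-}" in
  deploy) bootstrap; deploy_webhook; create_secret; bind_identity; apply_pod; verify_access ;;
esac
```

Run `sh berglas-gke.sh deploy` to print the plan, then `DRY_RUN=0 sh berglas-gke.sh deploy` to execute it. For the Secret Manager backend, replace the `BUCKET_ID/SECRET_NAME` references with `sm://PROJECT_ID/SECRET_NAME` and drop the `--key` flag; `berglas create`, `grant` and `access` accept both forms.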
GitHub - GoogleCloudPlatform/berglas: A tool for managing secrets on Google Cloud. Berglas is a command line tool and library for storing and retrieving secrets on Google Cloud. Secrets are encrypted… (github.com)
GCP services that work with Berglas
Google Kubernetes Engine
Cloud Run
Cloud Build
Cloud Functions
AppEngine Standard & Flex
Init scripts / Ansible scripts for Google Compute Engine
Other reading
A painless way to manage secrets in Google Kubernetes Engine Berglas is the simplest solution we’ve seen for managing secrets on Kubernetes clusters in GKE. Here’s why it’s our new… insights.project-a.com
A Comparison of Secrets Managers for GCP | ScaleSec Earlier this year, Google made Secret Manager generally available (GA), and with this release came a new, native… scalesec.com
How to keep secrets secret in the cloud In this article, I want to show you how to do proper secret management that doesn't compromise on the easiness of use… www.kevinsimper.dk