How do you secure secrets in a GitOps repository?
Tests whether you treat Git as source of truth while excluding plaintext credentials. A strong answer covers encrypting at rest with SOPS or Sealed Secrets, external stores like Vault, and operator workflows.
Tests whether you understand that Git as source of truth for infrastructure does not justify storing confidential data in plaintext, even in private repositories. A strong answer outlines three approaches: encrypting at rest with SOPS or Sealed Secrets so only the cluster can decrypt; referencing external stores such as Vault or cloud KMS and letting an operator inject at runtime; and reconciling secrets via operator hooks without persisting plaintext to version control.
Read the original → redhat.com
- #gitops
- #secrets-management
- #kubernetes
- #cicd
- #security
Get five bites like this every day.
Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.