Brussels / 4 & 5 February 2023


Automating secret rotation in Kubernetes

Minimizing mistakes by removing the human element

For years there has been a notion that Kubernetes secrets are inherently insecure. There are certainly concerns about how Kubernetes stores and handles secrets, but base64 encoding (which people most often call out) is not the issue.

Regardless of how Kubernetes attempts to secure secrets, frequently rotating those secrets is certainly a best practice. It also poses a huge challenge, especially when done manually in a highly distributed environment: ensuring secrets are rotated in time, everywhere, without affecting availability and without making mistakes is no job for humans.

In my presentation, I will explain why secret rotation is important, what challenges it poses and how to do it in a Kubernetes environment.


Márk Sági-Kazár