How Kubernetes used gRPC to encrypt secrets with an external Key Management Service and Go for Javascript developers

Cite

FOSDEM VZW

Zhang, Rita Nagpal, Rashmi

Formal Metadata

Title

How Kubernetes used gRPC to encrypt secrets with an external Key Management Service and Go for Javascript developers

Title of Series

FOSDEM 2019

Number of Parts

561

Author

Zhang, Rita

Nagpal, Rashmi

License

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/44323 (DOI)

Publisher

FOSDEM VZW

Release Date

2019

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

How Kubernetes used gRPC to encrypt secrets with an external Key Management Service In recent headlines, there are increasing news about cloud resources getting hacked caused by attacks on Kubernetes clusters. Failing to properly secure your Kubernetes data can result in cloud resources getting hacked and your application secrets getting stolen. The etcd database contains information that may grant an attacker significant visibility into the state of your cluster. This presentation focuses on how a gRPC-based implementation was added to Kubernetes to delegate encrypting secrets to an external Key Management Service and the benefits of using a gRPC-based design for this type of problem. Basic knowledge of Kubernetes and gRPC is a plus but not required.