Encrypting Secrets in Kubernetes Clusters using KMS

Kubernetes secrets are not encrypted at rest by default and cluster administrators are often concerned about effectively managing secrets in production such that robust security can be ensured. At times there is uncertainty about the confidentiality of your Kubernetes secrets, the appropriate methods to encrypt them when at rest, and their related security risks. In this session, we aim to address these issues and discuss such concerns comprehensively by shedding light on the benefits of leveraging the Kubernetes KMS feature for protecting secrets against attacks like etcd compromise and host compromise. Through a concise live demonstration, we will showcase how to use robust encryption with the cloud provider's KMS and utilize plugins to encrypt and decrypt sensitive data within the cluster. Further, we will delve into other open source tools available for secret management and their applications in different use cases.