Source: medium.com
Handling Kubernetes Secrets with ArgoCD and SopsCategory: Kubernetes, Docker, encryption, yaml
In this article, we will look into common ways to secure secrets in a Kubernetes application and how to manage them in a GitOps workflow based on ArgoCD with the help of Sops The problem is the following: your application depends on some secrets that you need to store securely and make available to your running application.
Let’s recap the tools we will use: Helm Secrets is essentially a wrapper for Helm that encrypt and decrypt secrets on the fly for you.
To make this work, you will still need a custom ArgoCD Dockerfile but you will not replace the Helm binary, only adding sops and Helm secrets.
To use the plugin in an Application, do it like this: You should get the same result as with our previous solution but with one notable exception: ArgoCD cannot recognize your plugin is in fact Helm in disguise so any GUI functionalities related to Helm will not be available, like seeing the values and parameters.
Let’s recap the tools we will use: Helm Secrets is essentially a wrapper for Helm that encrypt and decrypt secrets on the fly for you.
To make this work, you will still need a custom ArgoCD Dockerfile but you will not replace the Helm binary, only adding sops and Helm secrets.
To use the plugin in an Application, do it like this: You should get the same result as with our previous solution but with one notable exception: ArgoCD cannot recognize your plugin is in fact Helm in disguise so any GUI functionalities related to Helm will not be available, like seeing the values and parameters.
Related Articles
Community Partners
DevOps Careers