DevOps Articles

Handling Kubernetes Secrets with ArgoCD and Sops

In this article, we will look into common ways to secure secrets in a Kubernetes application and how to manage them in a GitOps workflow based on ArgoCD with the help of Sops The problem is the following: your application depends on some secrets that you need to store securely and make available to your running application.

Let’s recap the tools we will use: Helm Secrets is essentially a wrapper for Helm that encrypt and decrypt secrets on the fly for you.

To make this work, you will still need a custom ArgoCD Dockerfile but you will not replace the Helm binary, only adding sops and Helm secrets.

To use the plugin in an Application, do it like this: You should get the same result as with our previous solution but with one notable exception: ArgoCD cannot recognize your plugin is in fact Helm in disguise so any GUI functionalities related to Helm will not be available, like seeing the values and parameters.