digitalocean / Kubernetes-Starter-Kit-Developers

Hands-on tutorial and Automation stack for an operations-ready DigitalOcean Kubernetes (DOKS) cluster.

08-kubernetes-sealed-secrets feedback #64

Closed nicktate closed 2 years ago

nicktate commented 2 years ago

The sealed secrets tutorial looks great overall, thanks for putting this together 👏. I had some feedback, mainly around expanding upon some of the security aspects to help make it really clear for users reading:

What Sealed Secrets allows you to do, is to store any Kubernetes secret in Git, without fearing that sensitive data is going to be exposed

It is important to call out that if one of the sealing keys used to encrypt git data is ever leaked, the plain-text content on git would be compromised. Users would not only need to rotate their sealing key, but also the underlying secrets used in their systems because the plain-text values would have to be considered exposed.

Sealed secrets decryption happens server side only, so as long as the DOKS cluster is secured (etcd database), everything should be safe.

I think it would be worth calling out that you need to ensure you have correct RBAC resources on your cluster to prevent unintended access to Secrets. One of the common misconceptions for those starting out is that Secrets are actually encrypted in some way, but like it is pointed out later in the article they are only base64 encoded, so anyone who can access that resource will have access.

In terms of security, meaning restricting other users to decrypt your sealed secrets inside the cluster, there are three scopes that you can use (kubeseal CLI --scope flag):

This is a great callout, but we should expand upon how this works in conjunction with Kubernetes RBAC to secure sealed secrets on the cluster.

Compared to other solutions, like Vault or KMS providers, Sealed Secrets is neither of those. It's just a way to safely encrypt your Kubernetes Secrets, so that the same GitOps principles can be applied as well when you need to manage sensitive data.

You call out the simplicity / narrow focus of sealed secrets, but it would be nice to expand upon this comparison a little bit more. You can also support GitOps style approaches with Vault for example, but on top of that it provides a lot more functionality in the space of secret management, identity and access control, cert management, etc.
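The scope point raised above (the `kubeseal --scope` flag) is easier to reason about with a small model of what each scope binds the ciphertext to. The following is an added example written for this thread; it is not code from the tutorial or from the sealed-secrets project. It models only the binding rule: the controller derives a label from the SealedSecret's namespace and name (`namespace/name` for strict, the namespace alone for namespace-wide, empty for cluster-wide) and a secret sealed under one label cannot be unsealed where a different label would be derived. The annotation names are the ones the controller honours; the exact label strings and the `can_unseal` helper are assumptions of this example, chosen to illustrate the rule rather than reproduce the controller's cryptography.

```python
"""Model of which rename/move operations a SealedSecret survives, by scope.

Added example (not from the tutorial or the sealed-secrets project).  It
implements only the scope binding rule: a label derived from namespace and
name is fixed at sealing time, and the controller recomputes that label from
the manifest it actually sees before it will unseal.
"""
import copy

STRICT = "strict"
NAMESPACE_WIDE = "namespace-wide"
CLUSTER_WIDE = "cluster-wide"

# Annotations the controller reads to decide the scope of a SealedSecret.
NS_WIDE_ANNOTATION = "sealedsecrets.bitnami.com/namespace-wide"
CLUSTER_WIDE_ANNOTATION = "sealedsecrets.bitnami.com/cluster-wide"


def scope_of(manifest: dict) -> str:
    """Derive the scope from the manifest's annotations; default is strict."""
    annotations = manifest.get("metadata", {}).get("annotations") or {}
    if annotations.get(CLUSTER_WIDE_ANNOTATION) == "true":
        return CLUSTER_WIDE
    if annotations.get(NS_WIDE_ANNOTATION) == "true":
        return NAMESPACE_WIDE
    return STRICT


def sealing_label(namespace: str, name: str, scope: str) -> str:
    """Label the ciphertext is bound to (assumed string format, see lead-in)."""
    if scope == STRICT:
        return f"{namespace}/{name}"
    if scope == NAMESPACE_WIDE:
        return namespace
    if scope == CLUSTER_WIDE:
        return ""
    raise ValueError(f"unknown scope: {scope}")


def seal(manifest: dict) -> str:
    """Return the label kubeseal would bind this manifest's data to."""
    meta = manifest["metadata"]
    return sealing_label(meta["namespace"], meta["name"], scope_of(manifest))


def can_unseal(sealed_label: str, manifest: dict) -> bool:
    """True only if the controller derives the same label from what it sees.

    Changing annotations on a moved copy does not help: the label was fixed
    when the data was sealed, and a widened scope yields a different label.
    """
    return seal(manifest) == sealed_label


def relocate(manifest: dict, namespace=None, name=None, annotations=None) -> dict:
    """Copy of the manifest as someone might re-apply it elsewhere in Git."""
    moved = copy.deepcopy(manifest)
    if namespace is not None:
        moved["metadata"]["namespace"] = namespace
    if name is not None:
        moved["metadata"]["name"] = name
    if annotations is not None:
        moved["metadata"]["annotations"] = annotations
    return moved


# Constructed sample manifest (strict scope: no scope annotation present).
DB_CREDS = {
    "apiVersion": "bitnami.com/v1alpha1",
    "kind": "SealedSecret",
    "metadata": {"name": "db-creds", "namespace": "backend"},
}


def survives_by_scope(scope: str) -> dict:
    """For one scope, report which relocations of DB_CREDS still unseal."""
    ann = {}
    if scope == NAMESPACE_WIDE:
        ann = {NS_WIDE_ANNOTATION: "true"}
    elif scope == CLUSTER_WIDE:
        ann = {CLUSTER_WIDE_ANNOTATION: "true"}
    original = relocate(DB_CREDS, annotations=ann)
    label = seal(original)
    return {
        "same place": can_unseal(label, original),
        "renamed in namespace": can_unseal(label, relocate(original, name="db-creds-copy")),
        "moved to other namespace": can_unseal(label, relocate(original, namespace="staging")),
        # Attacker-style widening: copy elsewhere and claim cluster-wide scope.
        "moved and relabelled cluster-wide": can_unseal(
            label, relocate(original, namespace="staging",
                            annotations={CLUSTER_WIDE_ANNOTATION: "true"})),
    }


if __name__ == "__main__":
    for s in (STRICT, NAMESPACE_WIDE, CLUSTER_WIDE):
        print(s, survives_by_scope(s))
```

The model makes the trade-off concrete: strict is the default and the safest, because a SealedSecret copied to another namespace (even with a "wider" annotation added) will not unseal; cluster-wide gives up that binding entirely, so only the cluster's RBAC on Secrets and SealedSecrets stands between a copied manifest and a plaintext Secret in any namespace. On a live cluster the RBAC side of that check is `kubectl auth can-i get secrets --as=<subject> -n <namespace>` for the subjects that should not have access.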

v-ctiutiu commented 2 years ago

@nicktate Thanks a lot for the valuable feedback. I created a PR that should address the suggestions you mentioned. Please review and let me know your input. Thanks.

C.C. @bikram20