base64-is-not-encryption
base64-is-not-encryption copied to clipboard
Demo repo showing Kubernetes secrets being sad
Base64 is not encryption
This document describes the steps for my demo to showcase how Kubernetes secrets are inherently insecure by default.
You probably want to check out the tutorial
folder instead.
Setup
-
Configure everything:
$ ./bin/setup.sh
Demo
Default secrets
./bin/create-secret-default.sh
./bin/access-etcd-default.sh
Encrypted envelope
./bin/create-secret-vault.sh
./bin/access-etcd-vault.sh
Destroy
-
Destroy everything:
$ ./bin/destroy.sh