Securing Kubernetes secrets
You can use IBM Cloud® Secrets Manager with IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud to manage the application secrets that are stored in your clusters. Check out the following scenario to learn more about this use case.
Scenario: Integrate secrets from Secrets Manager to your Kubernetes cluster
You're a security architect for a financial institution that competes regionally with global institutions for clients and opportunities. To maintain and extend its competitive advantage, your company wants to deliver powerful new experiences to its customers at a faster rate. But the development velocity in your organization has slowed over time, as its services and applications are built on traditional tools and infrastructure that often rely on manual processes. You need to increase velocity, but cannot sacrifice security. You have no tolerance for putting customers in harm's way.
After much deliberation, your organization chooses IBM Cloud in a major initiative to accelerate velocity within its IT division. Your teams start their transition by using IBM Cloud Kubernetes Service to containerize their apps and move them to the cloud. As part of their automation, they need the ability to generate, secure, and reference thousands of Kubernetes Service application secrets. Rather than injecting those secrets at deployment time, you want the ability to secure them in an external secrets management service, and then retrieve them seamlessly at application run time.
You look to Secrets Manager as a solution to store secrets in a central repository. By extending the Kubernetes API with the External Secrets Operator open source project, your team is able to use IBM Cloud Secrets Manager to securely add secrets to Kubernetes.
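The pattern described above, sketched as an added example that is not taken from the IBM tutorial or the External Secrets Operator project: a namespace-scoped SecretStore that points at a Secrets Manager instance, and an ExternalSecret that syncs one field of a stored credential into a Kubernetes Secret. The namespace, resource names, and angle-bracket placeholders are hypothetical, and the apiVersion is an assumption that depends on the operator release installed in the cluster.

```yaml
# Assumption: External Secrets Operator is already installed in the cluster.
# Assumption: apiVersion matches the installed operator release; newer
# releases serve external-secrets.io/v1 instead of v1beta1.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore                 # namespace-scoped, so only this namespace can use it
metadata:
  name: ibm-secrets-manager       # hypothetical name
  namespace: payments             # hypothetical namespace
spec:
  provider:
    ibm:
      # Placeholder endpoint of the Secrets Manager instance.
      serviceUrl: "https://<INSTANCE_ID>.<REGION>.secrets-manager.appdomain.cloud"
      auth:
        secretRef:
          secretApiKeySecretRef:
            # Kubernetes Secret holding an IAM API key. Assumption: the key
            # belongs to a service ID limited to reading the secrets this
            # namespace needs, not a user's personal key.
            name: ibm-sm-api-key  # hypothetical name
            key: apiKey
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials            # hypothetical name
  namespace: payments
spec:
  refreshInterval: 1h             # how often the operator re-reads Secrets Manager
  secretStoreRef:
    kind: SecretStore
    name: ibm-secrets-manager
  target:
    name: db-credentials          # Kubernetes Secret the operator creates and owns
    creationPolicy: Owner
  data:
    - secretKey: password         # key inside the resulting Kubernetes Secret
      remoteRef:
        # Format is <secret type>/<secret ID>; the ID is a placeholder.
        key: username_password/<SECRET_ID>
        property: password
```

The synced value still lands in a regular Kubernetes Secret, so RBAC on Secrets in the target namespace and encryption of cluster secrets at rest remain part of the design.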
This scenario features a third-party tool that can impact the compliance readiness of workloads that run in your Kubernetes cluster. If you add a community or third-party tool, keep in mind that you are responsible for maintaining the compliance of your apps and working with the appropriate provider to troubleshoot any issues. For more information, see Your responsibilities with using IBM Cloud Kubernetes Service.
Example architecture and tutorials
Ready to start building a proof of concept? For more information about this pattern, check out the tutorial to help you get started.