Using Secretless in Kubernetes

Estimated time to complete: 5 min

Products used: Kubernetes Secrets, PostgreSQL Service Authenticator

Overview

Applications and application developers should be incapable of leaking secrets.

To achieve that goal, you’ll play two roles in this tutorial:

  1. A Security Admin who handles secrets, and has sole access to those secrets
  2. An Application Developer with no access to secrets.

The situation looks like this:

Image

Specifically, we will:

As the security admin:

  1. Create a PostgreSQL database
  2. Create a DB user for the application
  3. Add that user’s credentials to Kubernetes Secrets
  4. Configure Secretless to connect to PostgreSQL using those credentials

As the application developer:

  1. Configure the application to connect to PostgreSQL via Secretless
  2. Deploy the application and the Secretless sidecar

Prerequisites

To run through this tutorial, you will need:

  • A running Kubernetes cluster (you can use minikube to run a cluster locally)
  • kubectl configured to point to the cluster
  • Docker CLI

Up next...

Play the role of a Security Admin and learn how to set up PostgreSQL and configure Secretless.

Want to learn more? Check out our documentation for more information, like how to use Secretless Broker in your Kubernetes environment!