Secrets Management With Infisical and External Secrets Operator

GitOps has a fundamental tension: everything should be in Git, but secrets shouldn’t be in Git. You need database passwords, API keys, and tokens to deploy applications, but committing them to a repository is a security incident waiting to happen.

This post covers how to solve this with Infisical and External Secrets Operator (ESO) – a combination that keeps secrets out of Git while letting Kubernetes applications access them seamlessly. The same architectural pattern works with any ESO-supported backend (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), so the concepts apply regardless of which secrets manager you choose.

This article has been indexed from DZone Security Zone
