Skip to main content

Kubernetes Daily Task Aug 9 2022

  • August 9, 2022
  • 6 comments
  • 52 views
Geoff Burke
Forum|alt.badge.img+22

ok lets move on to the next task

 

Lets do something simple today that we will use at a later date. We will create a secret

 

Secrets are an interesting topic.

This seems not to be much secure… A simple echo with base64 option shows the secret in plain text.
Or what I am missing?

Secrets are an interesting topic.

This seems not to be much secure… A simple echo with base64 option shows the secret in plain text.
Or what I am missing?

Secrets are an interesting topic.

This seems not to be much secure… A simple echo with base64 option shows the secret in plain text.
Or what I am missing?

 

 

k get secrets

 

Secrets are used to store confidential information otherwise you could use configmaps but they are only hashed not encrypted so you would need to use something more secure like Hashcorp Vault if you wanted more security.

Lets hack the secret to demonstrate this weakness:

 

k get secrets mysecret -oyaml

 

echo Qm9zc1NhbGFyeQ== | base64 -d

 

 

There it is in plain sight BossSalary!

VMCA2024, VMCE2023, VMCE2024-SP,CKA, LFCS

    6 comments

    JMeixner
    Forum|alt.badge.img+18
    • JMeixner
    • On the path to Greatness
    • August 9, 2022

    Secrets are an interesting topic.

    This seems not to be much secure… A simple echo with base64 option shows the secret in plain text.
    Or what I am missing?

    Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | Veeam Certified Engineer (VMCE) | LinkedIn: https://www.linkedin.com/in/jochen-meixner | X: @JoMeix | BlueSky: @jmeixner.bsky.social
      Chris.Childerhose
      Forum|alt.badge.img+21

      Completed this task for today.  Really cool topic for sure. 👍🏼

      Chris Childerhose (Enterprise Architect) - VMCE+ | VMCA | VMCE | VMCE-SP | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 7* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV/VCP-VVF | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
        Chris.Childerhose
        Forum|alt.badge.img+21

        Just FYI @Geoff Burke - you spelled mysecret wrong in the first command - myscret so the third command does not work unless you change the spelling. 😋😉

        Chris Childerhose (Enterprise Architect) - VMCE+ | VMCA | VMCE | VMCE-SP | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 7* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV/VCP-VVF | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
          Geoff Burke
          Forum|alt.badge.img+22
          • Geoff Burke
          • Author
          • Veeam Vanguard
          • August 9, 2022

          Just FYI @Geoff Burke - you spelled mysecret wrong in the first command - myscret so the third command does not work unless you change the spelling. 😋😉

          just goes to show never rush :) on the other hand this does help understand stuff :). Joking aside very important thing for the exams when you are rushing against the clock, one small typo can sink a lot of time in wasted troubleshooting so good to spot these quickly :)

          VMCA2024, VMCE2023, VMCE2024-SP,CKA, LFCS
            Geoff Burke
            Forum|alt.badge.img+22
            • Geoff Burke
            • Author
            • Veeam Vanguard
            • August 9, 2022

            Secrets are an interesting topic.

            This seems not to be much secure… A simple echo with base64 option shows the secret in plain text.
            Or what I am missing?

            Yes for certain. Now someone would need access to Api server, or an account with the right rbac permissions but still. You can though encrypt deeper, that is a topic on the CKS exam. Here is a good article on secrets and what can be done to secure:

             

            https://blog.aquasec.com/managing-kubernetes-secrets

            VMCA2024, VMCE2023, VMCE2024-SP,CKA, LFCS
              JMeixner
              Forum|alt.badge.img+18
              • JMeixner
              • On the path to Greatness
              • August 9, 2022

              Secrets are an interesting topic.

              This seems not to be much secure… A simple echo with base64 option shows the secret in plain text.
              Or what I am missing?

              Yes for certain. Now someone would need access to Api server, or an account with the right rbac permissions but still. You can though encrypt deeper, that is a topic on the CKS exam. Here is a good article on secrets and what can be done to secure:

               

              https://blog.aquasec.com/managing-kubernetes-secrets

              Thanks 😎 good article

              Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | Veeam Certified Engineer (VMCE) | LinkedIn: https://www.linkedin.com/in/jochen-meixner | X: @JoMeix | BlueSky: @jmeixner.bsky.social
                Terms & ConditionsAccessibility statement