Featured
-
SealedSecrets to ExternalSecrets: A Tale of Credential Migration, Maintenance, and Rotation
Posted on 20 mins
Why did we migrate?
The company I worked for had been a long time user of Bitnami’s SealedSecrets. SealedSecrets comes with a lot of great advantages, with one of the main ones being that you don’t need any special considerations when committing code to your repository. The secret is “sealed” (encrypted), so any credentials can be directly committed to the repository without any significant concerns of an account being compromised. However, new policies at the company concerning credential rotation were being implemented which highlighted some very significant pain points around with using SealedSecrets, the largest two among them being the workflow to add a secret, and the visibility into where the same credential has been used in multiple places.