Shh, It’s a Secret: Managing Your Secrets in a GitOps Way


Authors: Jacob Wernette, Josh Kayani


Managing secrets in a GitOps way using argocd-vault-plugin
  • Background on managing microservices with Kubernetes
  • Challenges with managing resources and observability
  • Solution: GitOps to manage resources and secrets
  • Introduction to argocd-vault-plugin
  • Benefits of using argocd-vault-plugin for secret management
  • Anecdote: Challenges with manual management of resources and secrets
The team started out manually managing a monolith deployed to WebSphere. As they moved to microservices and Kubernetes, they faced challenges with managing resources and observability. They turned to GitOps to manage resources and secrets, and found argocd-vault-plugin to be a useful tool for secret management.


How do you handle secrets? That is the first question asked whenever you talk about GitOps. And it is a valid question! Do you put secrets directly in Git? Do you inject them at runtime? The community is trying to answer this question in many different ways. Jake and his team at IBM looked at the GitOps landscape, specifically with Argo CD, and could not find something that fit their needs. This talk will showcase how they were able to build and adopt argocd-vault-plugin and how it simplified their secret management while allowing them to manage it in a GitOps way. Hopefully this talk will help you along in your GitOps journey and bridge the secrets gap that we so often see in the community.