Excellent tutorial, Sir. Quick question : I am evaulting using the Helm Secret on a private cluster (non-cloud). Where do you recommend we store the private key please?
Hi Anton, I have an existing helm application already, just wondering how to use this helm 3 secret in this case? As this helm chart app is existing, there is no a sibling called secrets.yml from the application root folder.
HI Anthon, I hope you are doing good. Can you please tell me if your video will resolve the below requirement? standardise secrets usages in K8s with a design patter We do a lot of development that requires access to secure resources. The credentials for these get stored in a haphazard manner. We should have a design pattern for accessing/mounting secrets for JSON keys for GCP buckets. Access keys for Azure buckets Access keys for AWS buckets we should have a script to create the secret, and examples of how to use them in a helm chart. phase 1 should keep this as simple as possible We've done some work already to integrate a secrets manager such as hashicorp we should look at leveraging that if necessary, for phase 2.
First of all, you should not use access keys to access cloud resources, most of the time you can create IAM role with permissions to access it. You can even use the same IAM mechanism to access cross cloud resources, for example GCP bucket from AWS. Static credentials are a bad practice in general. Also, I think integration with secrets manager is a better solution then encrypt your secrets manually and store in the git. I would suggest to take a look on this - ruclips.net/video/Rmgo6vCytsg/видео.html
🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
Excellent overview and I was able to understand clearly...Wonderful job Antan!!.
Great to hear!
Excellent tutorial, Sir. Quick question : I am evaulting using the Helm Secret on a private cluster (non-cloud). Where do you recommend we store the private key please?
You need to find a compromise between safety and convenience. The most secure is to store it offline on usb stick in the safe.
1Password or any trusted cloud storage for secrets
Superrr Tutorial. I wish you could explain cloud KM tools as well.
ok thanks, will do
👉 How to Manage Secrets in Terraform - ruclips.net/video/3N0tGKwvBdA/видео.html
👉 Terraform Tips & Tricks - ruclips.net/video/7S94oUTy2z4/видео.html
👉 ArgoCD Tutorial - ruclips.net/video/zGndgdGa1Tc/видео.html
Thank you for your video. It helped me :)
It was very clear and concise
Thanks Anthony!
very useful, thanks!
thank you!
sops -p is failling for me with sops metadata not found
for those who faced such problem - running sops -p in a new terminal might solve the problem
Really helpful. Can you please add another video to configure Helm 3 Secrets with ArgoCD
Sure in the future
Hi Anton,
I have an existing helm application already, just wondering how to use this helm 3 secret in this case? As this helm chart app is existing, there is no a sibling called secrets.yml from the application root folder.
I'll take a look
Hi Anton, how can we do same process for Azure to pull image from ACR
Maybe in the future :)
thanks for an overview
no problem :)
HI Anthon,
I hope you are doing good. Can you please tell me if your video will resolve the below requirement?
standardise secrets usages in K8s with a design patter
We do a lot of development that requires access to secure resources. The credentials for these get stored in a haphazard manner. We should have a design pattern for accessing/mounting secrets for
JSON keys for GCP buckets.
Access keys for Azure buckets
Access keys for AWS buckets
we should have a script to create the secret, and examples of how to use them in a helm chart.
phase 1 should keep this as simple as possible
We've done some work already to integrate a secrets manager such as hashicorp we should look at leveraging that if necessary, for phase 2.
First of all, you should not use access keys to access cloud resources, most of the time you can create IAM role with permissions to access it. You can even use the same IAM mechanism to access cross cloud resources, for example GCP bucket from AWS. Static credentials are a bad practice in general. Also, I think integration with secrets manager is a better solution then encrypt your secrets manually and store in the git. I would suggest to take a look on this - ruclips.net/video/Rmgo6vCytsg/видео.html
How does it work on Windows?
You would need to use Windows package manager to install it such as windows chocolatey. The rest of the command will be the same.
@@AntonPutra thank you! Can you send me the link?
@@yuliavasilyeva2692 absolutely here is a link for windows package manager chocolatey.org
by the way, let me know if you want me create tutorial how to use firebase hosting🤗
@@AntonPutra thanks!
Paldies :)
😀