Storing private key inside container #1496

Closed Answered by agarcia-oss
annetteshajan asked this question in Q&A

Hi @annetteshajan

The Sealed Secrets controller expects the encryption TLS certificate to be present in a cluster Secret. The whole security model of Sealed Secrets depends on this, since RBAC policies can be used to limit access to those Secrets as needed.

Also, using cluster Secrets enables a history of TLS encryption keys used in the past, allowing the controller to decrypt Sealed Secrets deployed in the cluster no matter how old they are.

We need to make sure that whatever storage method we use for the encryption certificates is compliant with these two requisites (fine-grained security model and history of encryption keys). Storing the keys in a container or volume will not be compa…

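The RBAC side of the model described in the answer above, as an added example that is not part of the discussion or the project's own manifests: a namespaced Role that lets only the controller's ServiceAccount read (and, on rotation, create) the key Secrets, so no other workload or user principal is granted that access. It assumes the controller runs in `kube-system` under the ServiceAccount `sealed-secrets-controller` and that the key Secrets live in the same namespace; adjust both if your deployment differs.

```yaml
# Added example (not from the discussion): restrict reads of the controller's
# key Secrets to the controller itself. Assumed namespace and ServiceAccount
# name; change them to match the actual deployment.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sealed-secrets-key-access
  namespace: kube-system
rules:
  # The controller must read every historical key so it can still decrypt
  # SealedSecrets that were sealed against older certificates.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
  # A new key Secret is written when the controller rotates its key.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sealed-secrets-key-access
  namespace: kube-system
subjects:
  # Bind only the controller; do not add user groups or other ServiceAccounts.
  - kind: ServiceAccount
    name: sealed-secrets-controller
    namespace: kube-system
roleRef:
  kind: Role
  name: sealed-secrets-key-access
  apiGroup: rbac.authorization.k8s.io
```

After applying it, confirm that an ordinary workload identity is denied with `kubectl auth can-i get secrets -n kube-system --as=system:serviceaccount:<app-namespace>:<app-serviceaccount>`, which should print `no`; remember that a broader ClusterRoleBinding on `secrets` elsewhere in the cluster would still override this narrowing.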