Kubefirst blog

The Best of Cloud Native Secrets Management

John Dietz
January 26, 2024

Let's talk about kubernetes secrets management for a second. On the kubefirst open source platform we've found an incredibly powerful secrets management technology combination.

Share on Twitter
Share on LinkedIn
Share on Reddit

Table of Contents

Get started today

Let's talk about kubernetes secrets management for a second. There's a lot of cloud native tech in the secrets space. On the kubefirst open source platform we've found an incredibly powerful secrets management combination to be:

1. 🔒 Hashicorp Vault: a powerful enterprise secrets manager self hosted in your cluster. It does much more than simple secrets and their self hosted free tier is an exceptionally stable and capable offering.
2. 🔀 External Secrets Operator: ESO will turn Vault secrets (or cloud secrets or any other secrets) into kubernetes secrets. It's an important platform abstraction so that your apps aren't bound to your secret storage technology.
3. ♻️ Reloader: A simple utility that automatically orchestrates rolling restarts of your apps when their secret or config values are changed. It's configured with simple annotations and easy to use.
4. 🐙 Argo CD: Keep your external secret objects in git and hand the controls to the masterful Argo CD gitops engine drive what secrets you need pulled.
5. 🚀 Kubefirst: We give you all of ☝ preconfigured and working together and then give you the gitops git repository that's powering it all.

What Else Does Kubefirst Give You?

Beyond a best-in-class secrets setup with the tools above, the kubefirst platform also includes cluster lifecycle and fleet management, github and gitlab integrations with argo workflows, sso, user and git repo management, container builds, helm chart publishing, gitops app delivery, application versioning, automated infrastructure as code with both atlantis and crossplane, an example app to show how it all works, a small team of incredible engineers supporting the effort, and a growing community of powerful users who want to share a portable open source cloud native platform to always be able to start from. We build our cluster infrastructure in 5 clouds and have a local story as well.

That's just the free open source story. 🤯

Introducing Kubefirst Pro in February '24

Starting next month, we hope to earn your business with some powerful new capabilities, and we plan to keep our commercial goals in our user interface layer. We'll be starting with the ability to model your fleets of physical kubernetes clusters across any of our supported clouds, managed by gitops, and delivering your own customizable set of cloud native apps to the clusters automatically. We'll start you off with a really good starting point for these models with our example cluster templates in your new gitops repo.

The gitops platform itself is of course always yours to keep free of charge, it's your gitops repository in your git org that's powering everything after all. This architecture provides your organization with the lock-in protection it needs, you can take the platform any direction you choose with your first pull request.

Install Your New Free Instant GitOps Platform

brew install kubefirst
kubefirst launch up

Kubefirst Live - Hashicorp Vault Episode

Argo CD
External Secrets Operator