Difficulty: Beginner
Estimated Time: 10 minutes

Before we begin...

This is a detailed, step-by-step tutorial for securing secrets of kubernetes-based applications

We will:

  1. Deploy a typical kubernetes application with database
  2. Discover the risk
  3. Deploy Conjur on Kubernetes
  4. Store its credentials in Kubernetes secrets
  5. Setup Secretless Broker to proxy connections to it
  6. Deploy an application that connects to the database without knowing its password

You're done!

In this tutorial you learned how to:

  1. Deploy a PostgreSQL database
  2. Store its credentials in Kubernetes secrets
  3. Setup Secretless Broker to proxy connections to it
  4. Deploy an application that connects to the database without knowing its password

Want to learn more? Take a look at our documentation

Secretless Broker on Kubernetes

Step 1 of 14

Overview

Applications and application developers should be incapable of leaking secrets.

To achieve that goal, you’ll play two roles in this tutorial:

  1. A Security Admin who handles secrets, and has sole access to those secrets
  2. An Application Developer with no access to secrets.

The situation looks like this:

the situation

Specifically, we will:

As the security admin:

  1. Setup Conjur in Kubernetes
  2. Prepare Conjur Client
  3. Enable Authenticator
  4. Enrolling App
  5. Config Secretless Broker Sidecar

As the application developer:

  • Deploy the application and the Secretless sidecar

Prerequisites To run through this tutorial, all you need is this course!

Let's get started!