Security
Stop Writing Tedious Security Rules! Let Kubescape Do the Work
Implementing and maintaining security is tedious, especially where the runtime portion of it is concerned. For example, if we’d like to be notified when a potential breach is happening, we’ll likely use a tool like Falco. It’s a great tool. It’s potentially one of the best, if not the best, tool of its kind. It allows us to define an infinite number of rules that fire notifications when one of them is met. That’s the problem though. We have to define all those rules or, at least, accept a significant number of the rules that are available out of the box. Essentially, we need to predict everything that should not be allowed to happen or, if we prefer the other way around, everything that is allowed. That is tedious, and you are likely going to end up frustrated at best, in an asylum at worst. After all, who can predict all the bad things that might happen? And who is fully aware of all the high- and low-level calls that applications are making? I certainly can’t.
How to Propagate Secrets Everywhere with External Secrets Operator (ESO) and Crossplane
Today I want to talk about secrets.
Don’t go away! I know that for many, secrets are either boring or something you think you already know everything about. I will not talk about obvious “secret stuff”. Instead, I want to try to answer some less often asked yet important questions. “How do we make secrets easy and irrelevant to users?” “How do we propagate secrets without exposing them?” “How do we generate secrets in one place but use them in another safely?”
…and a few others.