SealedSecrets Lets Teams Safely Store Kubernetes Secrets in Git Repos

·1 views

GitOps teams often struggle with storing sensitive credentials like API keys and database passwords in Git, since base64 encoding offers no real security and plaintext commits risk exposure. SealedSecrets, built by Bitnami, addresses this by using asymmetric RSA encryption through a lightweight in-cluster controller and a CLI tool called kubeseal. When installed, the controller generates a key pair on startup, keeping the private key inside the cluster while allowing the public key to be freely shared. Developers encrypt standard Kubernetes Secrets using kubeseal, producing a SealedSecret custom resource that is safe to commit to any repository, public or private. Only the in-cluster controller holding the matching private key can decrypt the resource, making it one of the simplest Kubernetes-native solutions for secure secret management in GitOps workflows.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Seven Concrete Ways AI Is Reshaping Software and Work Beyond Basic Chatbots

A DEV Community article outlines seven emerging shifts in how AI is being integrated into software and work, moving beyond simply enhancing existing tools. The piece argues that AI is evolving from a conversational assistant into an operator-style system capable of using tools, memory, and defined boundaries to complete tasks. Software interfaces are being redesigned to expose actions and context directly to AI agents, not just human users. Human roles are shifting toward defining intent, constraints, and review standards, while agents handle implementation. Across areas like productivity, learning, and web services, the underlying pattern is AI enabling human-directed systems with built-in context, evidence, and accountability.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

How to Choose the Right Monitoring Tool for Your React App

React applications face silent failures — from race conditions to null check errors — that often go undetected until users report them, making monitoring essential for production apps. Monitoring broadly falls into three categories: error tracking, performance monitoring, and session replay, each answering a distinct question about app health. A practical comparison of seven popular tools — including Sentry, LogRocket, Datadog, New Relic, Bugsnag, and FullStory — highlights their strengths based on team size and use case. Sentry is recommended as a strong default for most React and Next.js projects, offering all three monitoring categories under one SDK with a free tier covering 5,000 errors per month. Choosing the wrong tool can waste both setup time and budget, making a clear decision framework critical before committing to any solution.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Freelancer Shares Proposal Strategy Behind 95% Upwork Bid Win Rate

A freelancer claims to have achieved a 95% bid win rate on Upwork across hundreds of proposals by making one key change in approach. Instead of leading with personal credentials and process lists, the strategy focuses on diagnosing the client's specific problem using details from their own job post. The method involves naming the likely root cause, hinting at a solution, and closing with a targeted question rather than a generic sign-off. The author argues that listing steps or deliverables positions a freelancer as a service provider, while demonstrating problem insight signals expertise. To apply the framework at scale, the author built an AI tool called AI Proposer that structures proposals accordingly and flags common mistakes before submission.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

How Checkov Helps Developers Catch Insecure Terraform Configs Before Deployment

Infrastructure as Code tools like Terraform can produce valid configurations that are nonetheless insecure, since misconfigurations such as public storage buckets or missing encryption do not prevent successful deployment. Checkov is an open-source static analysis tool designed to scan Terraform and other IaC files for cloud misconfigurations and policy violations before any resources are created. Unlike application bugs that cause crashes or errors, infrastructure security flaws often go unnoticed while quietly exposing systems to risk. Checkov fits into both local development workflows and CI/CD pipelines, enabling teams to catch problems early as part of a shift-left security approach. This makes it a practical option not just for security specialists but also for developers seeking to build safer cloud environments from the start.

0 comments Read more at DEV Community